CVE-2019-2734

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 12.2.0.1, 18c, 19c

Description The issue is related to a vulnerability in the Core RDBMS component of Oracle Database Server, which is easily exploitable and allows a low-privileged attacker with Create Session and Execute on DBMS ADVISOR privileges to compromise the Core RDBMS via OracleNet. This can result in unauthorized update, insert, or delete access to some Core RDBMS accessible data. The vulnerability is related to insufficient access control.

Recommendations For versions 12.2.0.1, 18c, and 19c, consider restricting access to the Core RDBMS component until a patch is available. As a temporary workaround, consider disabling the DBMS ADVISOR privilege to minimize the risk of exploitation. Restrict network access via OracleNet to reduce the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.