PT-2017-11182 · Oracle · Oracle Database Server+1

Published

2017-10-19

Updated

2019-10-03

CVE-2017-10190

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1

Description The issue is related to a vulnerability in the Java VM component of Oracle Database Server. This vulnerability can be easily exploited by a high-privileged attacker with Create Session and Create Procedure privileges, allowing them to compromise the Java VM. The impact of a successful attack can result in the takeover of the Java VM, affecting not only the Java VM but potentially other products as well.

Recommendations For version 11.2.0.4, update to a version that includes the fix for this issue. For version 12.1.0.2, update to a version that includes the fix for this issue. For version 12.2.0.1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Java VM component until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-10190

Affected Products

Oracle Database

Oracle Database Server

PT-2017-11182 · Oracle · Oracle Database Server+1

CVE-2017-10190

Related Identifiers

Affected Products

References · 5