PT-2017-15771 · Oracle · Oracle Database Server
Published: 2017-01-27 · Updated: 2017-07-26
CVE-2017-3310
CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Oracle Database Server versions 11.2.0.4 and 12.1.0.2
Description
The issue is related to the OJVM component of Oracle Database Server. It allows a low-privileged attacker with Create Session and Create Procedure privileges and network access via multiple protocols to compromise OJVM. Successful attacks require human interaction from a person other than the attacker. Although the vulnerability is in OJVM, attacks may significantly impact additional products, potentially resulting in the takeover of OJVM.
Recommendations
For version 11.2.0.4, update to a version that includes a fix for this issue.
For version 12.1.0.2, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting access to the OJVM component until a patch is available.
Fix
Related Identifiers
Affected Products
Oracle Database
Oracle Database Server