CVE-2017-3486

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 11.2.0.4 through 12.1.0.2

Description The issue is related to a vulnerability in the SQLPlus component of Oracle Database Server. This vulnerability is difficult to exploit and allows a high-privileged attacker with local logon privilege to compromise SQLPlus. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The vulnerability can result in the takeover of SQL*Plus.

Recommendations For version 11.2.0.4, update to a version that includes the fix for this issue. For version 12.1.0.2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the SQL*Plus component to minimize the risk of exploitation.