PT-2017-3893 · Oracle · Oracle Database Server+1

Published: 2017-12-15 · Updated: 2019-10-17 · CVE-2018-2875

CVSS v3.1: 5.0 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Database Server versions 12.2.0.1, 18c, and 19c

Description

The issue is a vulnerability in the Core RDBMS component of Oracle Database Server. It is easily exploitable by a low-privileged attacker who has the Create Session privilege and network access via Oracle Net. Successful exploitation can lead to unauthorized read access to a subset of Core RDBMS accessible data. The vulnerability may also impact additional products.

Recommendations

For versions 12.2.0.1, 18c, and 19c, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the Core RDBMS component until a patch is available. Restrict network access via Oracle Net to minimize the risk of exploitation.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2019-04207
CVE-2018-2875

Affected Products

Oracle Database
Oracle Database Server