PT-2018-1404 · Oracle · Oracle Database

Published: 2018-07-17 · Updated: 2019-10-03 · CVE-2018-2939

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Oracle Database versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1, and 18.2

Description

The issue is related to insufficient access control in the Core RDBMS component of Oracle Database Server. It can be easily exploited by a low-privileged attacker with local logon privileges, potentially compromising the Core RDBMS and impacting additional products. Successful attacks may result in unauthorized access to critical data, including creation, deletion, or modification, as well as the ability to cause a hang or crash of the Core RDBMS.

Recommendations

For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1, and 18.2, consider restricting local logon privileges to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit access to the Core RDBMS component to reduce the potential impact of the issue. Avoid using the Core RDBMS component for critical data storage or processing until the issue is resolved.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2018-00953
CVE-2018-2939

Affected Products

Oracle Database