PT-2018-15625 · Oracle · Oracle Database Server+1
Published: 2018-01-18 · Updated: 2020-08-24 · CVE-2018-2575
CVSS v2.0: 2.1 (Low)
Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Oracle Database Server versions 11.2.0.4, 12.1.0.2, and 12.2.0.1
Description
The issue affects the Core RDBMS component of Oracle Database Server. It allows a high-privileged attacker with local logon privilege and network access via multiple protocols to compromise Core RDBMS. The vulnerability is difficult to exploit and requires human interaction from a person other than the attacker; successful attacks can result in unauthorized read access to a subset of Core RDBMS accessible data. This issue applies only to the Windows platform.
Recommendations
For version 11.2.0.4, update to a version that includes the fix for this issue.
For version 12.1.0.2, update to a version that includes the fix for this issue.
For version 12.2.0.1, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting network access to the Core RDBMS component to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Oracle Database
Oracle Database Server