CVE-2019-2444

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 12.2.0.1 and 18c

Description The issue is related to insufficient access control in the Core RDBMS component of Oracle Database Server. Exploitation of this issue can allow an attacker to gain full control over the application. The vulnerability can be exploited by a low-privileged attacker with local logon privilege, and successful attacks require human interaction from a person other than the attacker. The impact of successful attacks can be significant, potentially resulting in the takeover of Core RDBMS.

Recommendations For versions 12.2.0.1 and 18c, consider restricting access to the Core RDBMS component to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling any functionality that relies on local logon privilege to the infrastructure where Core RDBMS executes. Restrict network access via multiple protocols to reduce the attack surface.