CVE-2019-2518

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c

Description The issue is related to a vulnerability in the Java VM component of Oracle Database Server, which can be exploited by a low-privileged attacker with Create Session and Create Procedure privileges and network access via multiple protocols. This can lead to the compromise of the Java VM, potentially resulting in its takeover. The vulnerability is difficult to exploit.

Recommendations For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c, consider restricting network access to the Java VM component until a fix is available. As a temporary workaround, consider disabling the Java VM component to minimize the risk of exploitation. Restrict access to the Create Session and Create Procedure privileges to minimize the risk of exploitation.