CVE-2019-2939

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 12.2.0.1, 18c, 19c

Description The issue is related to a vulnerability in the Core RDBMS component of Oracle Database Server, which is easily exploitable and allows a low-privileged attacker with Create Session privilege and network access via OracleNet to compromise Core RDBMS. This can result in unauthorized read access to a subset of Core RDBMS accessible data. The vulnerability may also impact additional products.

Recommendations For versions 12.2.0.1, 18c, and 19c, consider restricting network access via OracleNet to minimize the risk of exploitation. As a temporary workaround, limit the Create Session privilege to reduce the attack surface. Avoid using the Core RDBMS component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.