Patch a Critical Vulnerability Found in Oracle
Oracle released a security patch on Friday and urged all users to install it as soon as possible. Read the description below.
A critical vulnerability has been discovered in a product from technology giant Oracle, and the company has asked all users to patch urgently. This vulnerability (CVE-2018-3110) affects Oracle Database versions 220.127.116.11 and 18.104.22.168 on Windows. It is apparently easy to exploit, but it can only be exploited remotely by an authenticated attacker.
Oracle released the security patch on Friday and urged all users to install it as soon as possible.
This critical vulnerability can allow attackers who have the Create Session privilege and network access via Oracle Net to compromise the component.
Oracle published a security advisory to address this vulnerability as shown below:
Oracle Security Alert Advisory — CVE-2018-3110
This Security Alert addresses an Oracle Database vulnerability in versions 22.214.171.124 and 126.96.36.199 on Windows. CVE-2018-3110 has a CVSS v3 base score of 9.9 and can result in complete compromise of the Oracle Database and shell access to the underlying server. CVE-2018-3110 also affects Oracle Database version 188.8.131.52 on Windows as well as Oracle Database on Linux and Unix, however, patches for those versions and platforms were included in the July 2018 CPU.
If you are running Oracle Database versions 184.108.40.206 and 220.127.116.11 on Windows, please apply the patches indicated below. If you are running version 18.104.22.168 on Windows or any version of the database on Linux or Unix and have not yet applied the July 2018 CPU, please do so.
Due to the nature of this vulnerability, Oracle strongly recommends that customers take action without delay.
Affected Products and Patch Information
Security vulnerabilities addressed by this Security Alert affect the products listed below. The product area is shown in the Patch Availability Document column. Please click on the links in the Patch Availability Document column below to access the documentation for patch availability information and installation instructions.
Affected Products and Versions:
Oracle Database Server, versions 22.214.171.124, 126.96.36.199, 188.8.131.52, 18.