
Patch a Critical Vulnerability Found in Oracle


Oracle released a security patch on Friday and urged all users to install it as soon as possible. Read the description below.


A critical vulnerability has been discovered in Oracle Database, from the popular technology giant Oracle. The company has asked all users to patch on an urgent basis. This vulnerability (CVE-2018-3110) affects Oracle Database versions 11.2.0.4 and 12.2.0.1 on Windows. It is apparently easy to exploit, but can only be exploited remotely by an authenticated attacker.

Oracle released the security patch on Friday and urged all users to install it as soon as possible.

This critical vulnerability can allow an attacker who has the Create Session privilege and network access via Oracle Net to compromise the component.

Oracle published a security advisory to address this vulnerability as shown below:

Oracle Security Alert Advisory — CVE-2018-3110

Description

This Security Alert addresses an Oracle Database vulnerability in versions 11.2.0.4 and 12.2.0.1 on Windows. CVE-2018-3110 has a CVSS v3 base score of 9.9 and can result in complete compromise of the Oracle Database and shell access to the underlying server. CVE-2018-3110 also affects Oracle Database version 12.1.0.2 on Windows as well as Oracle Database on Linux and Unix, however, patches for those versions and platforms were included in the July 2018 CPU.

If you are running Oracle Database versions 11.2.0.4 and 12.2.0.1 on Windows, please apply the patches indicated below. If you are running version 12.1.0.2 on Windows or any version of the database on Linux or Unix and have not yet applied the July 2018 CPU, please do so.

Due to the nature of this vulnerability, Oracle strongly recommends that customers take action without delay.

Affected Products and Patch Information

Security vulnerabilities addressed by this Security Alert affect the products listed below. The product area is shown in the Patch Availability Document column. Please click on the links in the Patch Availability Document column below to access the documentation for patch availability information and installation instructions.

Affected Products and Versions:

Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.
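To check an instance against the advisory above and the Create Session prerequisite, the following queries are an added example, not part of Oracle's advisory or the original article. They assume a session with SELECT access to the `V$` and `DBA_*` dictionary views (for example a DBA account).

```sql
-- Added example: triage queries for CVE-2018-3110 (not from Oracle's advisory).

-- 1. Version and platform, to compare with the affected versions listed above.
SELECT banner FROM v$version;
SELECT platform_name FROM v$database;

-- 2. Patch history. Compare the rows with the Patch Availability Document;
--    patch identifiers are not given on this page, so none are hard-coded.
SELECT action_time, action, version, comments
FROM   dba_registry_history
ORDER  BY action_time;

-- On 12.1 and later, SQL patch actions are also recorded in this view
-- (it does not exist on 11.2.0.4, so skip this query there).
SELECT patch_id, action, status, description, action_time
FROM   dba_registry_sqlpatch
ORDER  BY action_time;

-- 3. Accounts that can hold a session, i.e. the population from which an
--    authenticated attacker would come. CREATE SESSION may be granted
--    directly, through nested roles, or to PUBLIC (which covers every user).
WITH holders AS (
    -- users or roles granted the privilege directly
    SELECT grantee
    FROM   dba_sys_privs
    WHERE  privilege = 'CREATE SESSION'
    UNION
    -- users or roles that receive it through a chain of role grants
    SELECT grantee
    FROM   dba_role_privs
    START  WITH granted_role IN (SELECT grantee
                                 FROM   dba_sys_privs
                                 WHERE  privilege = 'CREATE SESSION')
    CONNECT BY PRIOR grantee = granted_role
)
SELECT u.username, u.account_status, u.profile, u.created
FROM   dba_users u
WHERE  u.account_status NOT LIKE '%LOCKED%'   -- expired accounts can still log in
AND   (u.username IN (SELECT grantee FROM holders)
       OR EXISTS (SELECT 1 FROM holders WHERE grantee = 'PUBLIC'))
ORDER  BY u.username;
```

Until the patch is applied, the result of query 3 is the list of accounts to review, lock, or restrict at the listener or network level.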
