A critical vulnerability was discovered in the Java VM component of Oracle Database Server
CVE: CVE-2018-3110
CVSS: 9.9
Sources
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-...
https://www.security-database.com/detail.php?alert=CVE-2018-3110
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Risks
Successful exploitation of this vulnerability can result in privilege escalation to session privileges. The attacker requires network access and low-privileged credentials to compromise the Java Virtual Machine; this can impact additional products relying on the Java Virtual Machine.
Description
A vulnerability was discovered in the Java VM component of Oracle Database Server. The supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. This easily exploitable vulnerability allows an attacker who has low-privilege credentials and access to the network to upgrade the current privileges to session privileges via the Oracle Net protocol to compromise the Java Virtual Machine. Successful attacks of this vulnerability can result in a takeover of the Java Virtual Machine and of products relying on the Java Virtual Machine.
Recommended Actions
CERT.be recommends that users always keep their systems up to date. Patches can be downloaded at the following address: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html