CVE-2018-3110

Published: 10/08/2018 Updated: 03/10/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 9.9 | Impact Score: 6 | Exploitability Score: 3.1
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

A vulnerability exists in the Java VM component of Oracle Database Server. The affected supported versions are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. The vulnerability is easily exploitable and allows a low-privileged attacker who holds the Create Session privilege and has network access via Oracle Net to compromise the Java VM. While the vulnerability is in the Java VM, attacks may significantly impact additional products. Successful attacks can result in takeover of the Java VM. CVSS 3.0 Base Score: 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Vulnerable Product

oracle database server 12.1.0.2

oracle database server 12.2.0.1

oracle database server 18

oracle database server 11.2.0.4

Recent Articles

Oracle: Run, don't walk, to patch this critical Database takeover bug
The Register • Shaun Nichols in San Francisco • 14 Aug 2018

Flaw in House Larry's flagship product allows 'complete compromise' of servers

Oracle is advising customers to update their database software following the discovery and disclosure of a critical remote code execution vulnerability. The flaw, dubbed CVE-2018-3110, was given a CVSS base score of 9.9 (out of 10) and Oracle warns that successful exploit of the bug "can result in complete compromise of the Oracle Database and shell access to the underlying server." "Due to the nature of this vulnerability, Oracle strongly recommends that customers take action without delay," Ora...