Published: 17/10/2018 Updated: 03/10/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle database server 11.2.0.4
oracle database server 12.1.0.2
oracle database server 12.2.0.1
oracle database server 18c

Thought Patch Tuesday was a load? You gotta check out this Oracle mega-advisory, then

The Register • Shaun Nichols in San Francisco • 16 Oct 2018

And you'll definitely want to check out the libssh flaw

Oracle has released a wide-ranging security update to address more than 300 CVE-listed vulnerabilities in its various enterprise products. The October release covers the gamut of Oracle's offerings, including its flagship Database, E-Business Suite, and Fusion Middleware packages. For Database, the update addresses a total of three flaws. Two of the vulnerabilities (CVE-2018-3259 and CVE-2018-3299) can be remotely exploited without authentication, while the third, CVE-2018-7489, would require th...

CVE-2018-3259

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect