Saturday, October 12, 2024
HomeSecurity UpdatesOracle Released Security Update Addresses a Critical Database Vulnerability That Affects Multiple...

Oracle Released Security Update Addresses a Critical Database Vulnerability That Affects Multiple Versions

Published on

Malware protection

Oracle released security updates covering Database vulnerability that affects multiple versions on Windows, Linux, and Unix.

The vulnerability can be tracked as CVE-2018-3110 and has CVSS v3 base score of 9.9. It affects 11.2.0.4, 12.2.0.1 and 12.2.0.2 on Windows and version 12.2.0.2 on Linux and Unix.

A low privileged remote attacker could exploit the vulnerability easily by having the privilege to create a session with network access via Oracle Net to compromise Java VM. The vulnerability resides with Java VM, so it may impact additional products, Oracle said.

- Advertisement - SIEM as a Service

It is not possible to exploit the vulnerability by a remote attacker without having any privileges. Successful exploitation results in the takeover of Java VM.

If you are running the Oracle database versions 11.2.0.4 and 12.2.0.1 on Windows, as well as the version 12.2.0.2 on Windows, Linux and Unix you should patch them immediately. The patches come preinstalled with July 2018 CPU for those versions and platforms.

This fix is not applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed Oracle said.

Due to the severity of the vulnerability, Oracle recommends applying the patches immediately, starting 2018 attackers exploited vulnerability CVE 2017-10271 that present in the WebLogic Web Services to mine monero coins. Oracle’s July security update Covers 334 Vulnerabilities Across All the Products

Also Read

Oracle Weblogic Exploit to Deploy Monero Miner

Security Bug Affected 300,000 Oracle Point of Sale Systems Puts the Critical Business Data at Risk

Hackers Abused Oracle WebLogic Server for Mining Cryptocurrencies

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Microsoft Urges Windows Admins to Patch Microsoft Message Queuing RCE Flaw

Microsoft has disclosed two Critical remote code execution vulnerabilities in MSMQ (Microsoft Message Queuing)...

Microsoft Unveild New Windows 11 Features To Strengthen Security

Microsoft has been prioritizing security in Windows, as they introduced Secured-Core PCs to protect...

NETGEAR buffer Overflow Vulnerability Let Attackers Bypass Authentication

Some router models have identified a security vulnerability that allows attackers to bypass authentication.To...