CVE-2018-3110: Oracle Database Server Vulnerability Alert

CVE-2018-3110

On August 10, 2018, Oracle issued a security notice to alert the vulnerability of the Java Virtual Machine in the Oracle Database Server, CVE-2018-3110. The vulnerability CVSS score is 9.9 points, the impact is more serious, users should update in time.

CVE-2018-3110 affects the Oracle database Windows version 11.2.0.4 and 12.2.0.1, and also affects the entire platform 12.1.0.2 and does not apply the version of the CPU in July 2018. In addition, the old version is likely to be affected.

This vulnerability is the same as CVE-2018-3004 in the CPU released in July 2018, and the attack method is more simplified.

This vulnerability could be exploited by attackers to attack Java virtual machines through Oracle Net. Although this vulnerability exists in the Java Virtual Machine, it can be exploited to attack other products and services. After the attacker successfully attacks, it can take over the entire Java virtual machine.

The following is the affected product and patch availability documentation in the official notice:

Affected Products and Versions Patch Availability Document
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18 Database