It looks very vague – Oracle Vulnerability CVE-2019-2517 (Jun 2019)

Preface: Every time you review an Oracle security advisory, it feels vague, because no details are provided!

Vulnerability details: A vulnerability in the Core RDBMS component of Oracle Database Server could allow an authenticated, remote attacker with high privileges to compromise a targeted system completely.

More details: The vulnerability resides in the Java Virtual Machine component of the Oracle Database Server and does not require user interaction. The vulnerability allows low-privileged attackers that have Create Session privilege with network access via Oracle Net to compromise the Java VM component.

How to identify your JVM for Oracle:

select * from all_registry_banners;
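A narrower check than the banner query above, as an added example that is not part of the original post: it reports whether the Java VM component is installed and at which release, then lists who holds the Create Session privilege mentioned above. It assumes an account that can read DBA_REGISTRY and DBA_SYS_PRIVS; the release patterns in the CASE expression are taken from the affected-products line on this page, and the column alias is made up for this example.

```sql
-- Added example, not from the original post.
-- Assumption: run as an account with read access to the DBA_* views.

-- 1) Is the Java VM component installed, and at which release?
--    No rows returned means the JAVAVM component is not installed.
SELECT comp_id,
       comp_name,
       version,
       status,
       CASE
         WHEN version LIKE '12.2.0.1%' OR version LIKE '18.%'
           THEN 'release family listed as affected - check patch level'
         ELSE 'not in the release families listed on this page'
       END AS cve_2019_2517_note   -- hypothetical alias for this example
FROM   dba_registry
WHERE  comp_id = 'JAVAVM';

-- 2) Which users and roles hold CREATE SESSION, the privilege the
--    advisory text names as the precondition for reaching the Java VM?
SELECT grantee,
       admin_option
FROM   dba_sys_privs
WHERE  privilege = 'CREATE SESSION'
ORDER  BY grantee;
```

The first query only identifies the release family; the installed patch level still has to be compared against Oracle's advisory.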

Impact: Because the vulnerability is in the JVM, a successful exploit could allow the attacker to compromise the system completely.

Affected products: Oracle Database Server 12c 12.2 (.0.1), Oracle Database Server 18c Release Update 6 (18.6) (Base)

Remedy: Oracle released software updates at the following link – https://www.oracle.com/downloads/index.html
