The accomplice – The accomplice – Oracle design limitation let compromise JVM do the privileges escalation in Oracle DB (CVE-2018-3110)

When I was young, the comics story attracting my seen. The comics picture similar provides like a virtual speaker tell a story to me.

Oracle has released a security alert to address a vulnerability in multiple versions of Oracle Database yesterday. A remote attacker could exploit this vulnerability to take control of an affected system. See whether below picture can tell a story to you. If not, go ahead below official hyperlink for reference.

Symptom: The vulnerability allows low-privileged attackers that have Create Session privilege with network access via Oracle Net to compromise the Java VM component.