CVE-2018-3110 scored 9.9/10 on the CVSS bug scoring table. Oracle warned that if the vulnerability is successfully exploited it could:
"result in complete compromise of the Oracle Database and shell access to the underlying server.”
“If you are running Oracle Database versions 188.8.131.52 and 184.108.40.206 on Windows, please apply the patches indicated below. If you are running version 220.127.116.11 on Windows or any version of the database on Linux or Unix and have not yet applied the July 2018 CPU, please do so.”
The Java Virtual Machine aspect of the Oracle Database Server is where the issue lies. In order to execute the flaw, a Bad Actor must have a connection to the server through Oracle Net (which is the protocol Oracle servers use to connect with client apps). Aside from that, there is almost nothing else needed to take complete control of the host server.
Oracle concludes by saying:
“Due to the nature of this vulnerability, Oracle strongly recommends that customers take action without delay.”