Oracle admits critical vulnerability

Date Posted: 15 August 2018

Oracle has advised customers to patch their database software because of a critical remote code execution vulnerability.

CVE-2018-3110 scored 9.9 out of 10 on the CVSS severity scale. Oracle warned that, if successfully exploited, the vulnerability could:

“result in complete compromise of the Oracle Database and shell access to the underlying server.”

They continue:

“If you are running Oracle Database versions and on Windows, please apply the patches indicated below. If you are running version on Windows or any version of the database on Linux or Unix and have not yet applied the July 2018 CPU, please do so.”

The issue lies in the Java Virtual Machine component of the Oracle Database Server. To exploit the flaw, an attacker must have a connection to the server through Oracle Net (the protocol Oracle servers use to communicate with client applications). Beyond that, almost nothing else is needed to take complete control of the host server.

Oracle concludes by saying: 

“Due to the nature of this vulnerability, Oracle strongly recommends that customers take action without delay.”