Oracle admits critical vulnerability

Written by: Hyve
Date Posted: 15 August 2018

Oracle has advised customers to patch their database software because of a critical remote code execution vulnerability.

CVE-2018-3110 scored 9.9 out of 10 on the CVSS severity scale. Oracle warned that successful exploitation could:

“result in complete compromise of the Oracle Database and shell access to the underlying server.”

They continue:

“If you are running Oracle Database versions 11.2.0.4 and 12.2.0.1 on Windows, please apply the patches indicated below. If you are running version 12.1.0.2 on Windows or any version of the database on Linux or Unix and have not yet applied the July 2018 CPU, please do so.”

The issue lies in the Java Virtual Machine component of the Oracle Database Server. To exploit the flaw, an attacker must have a connection to the server through Oracle Net (the protocol Oracle servers use to communicate with client applications). Beyond that, almost nothing else is needed to take complete control of the host server.

Oracle concludes by saying: 

“Due to the nature of this vulnerability, Oracle strongly recommends that customers take action without delay.”