Oracle Security Alert for CVE-2018-3110 - Oracle CVRF Oracle Security Alert CVE-2018-3110 Final 1.0 1.0 2018-08-10T13:00:00-07:00 Initial Distribution 2018-08-10T13:00:00-07:00 2018-08-10T13:00:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had fixes released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including fix distribution information can be found at the Oracle sites referenced in this document. This document is published at: http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/5038815.xml https://www.oracle.com/security-alerts/alert-cve-2018-3110.html URL to html version of Advisory Oracle Database Version 11.2.0.4 Oracle Database Version 12.1.0.2 Oracle Database Version 12.2.0.1 Oracle Database Version 18 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Fix has been released CVE-2018-3110 P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18 9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2018-3110 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2018-3110.html P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18