Unrated severityNVD Advisory· Published Jul 18, 2018· Updated Oct 2, 2024

CVE-2018-3004

Description

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2,12.2.0.1 and 18.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).

Affected products

Oracle Corporation/Oracle Database Corecpe-rescue
Range: 11.2.0.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

obtruse.syfrtext.com/2018/07/oracle-privilege-escalation-via.htmlmitrex_refsource_MISC
www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlmitrex_refsource_CONFIRM
www.securityfocus.com/bid/104805mitrevdb-entryx_refsource_BID
www.securitytracker.com/id/1041299mitrevdb-entryx_refsource_SECTRACK

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000