Oracle just released Security Alert CVE-2018-3110. This vulnerability affects the Oracle Database versions 18.104.22.168 and 22.214.171.124 on Windows. It has received a CVSS Base Score of 9.9, and it is not remotely exploitable without authentication. Vulnerability CVE-2018-3110 also affects Oracle Database version 126.96.36.199 on Windows as well as Oracle Database on Linux and Unix; however, patches for those versions and platforms were included in the July 2018 Critical Patch Update.
Due to the nature of this vulnerability, Oracle recommends that customers apply these patches as soon as possible. This means that:
For More Information:
• The Advisory for Security Alert CVE-2018-3110 is located at http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html
• The Advisory for the July 2018 Critical Patch Update is located at http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html