CVE-2018-3004 — Corporation Oracle Database vulnerability

20 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

1.2%

top 21.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Oracle Database Oracle Database Server

Timeline

PublishedJul 18

Latest updateMay 13

Description

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2,12.2.0.1 and 18.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.0 Base Score 5.3 (Confi…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶NVDoracle/database_server4 versions+3

▶CVEListV5oracle_corporation/oracle_database4 versions+3

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-r484-7qfx-vqjc: Vulnerability in the Java VM component of Oracle Database Server↗2022-05-13

▶

CVEList

CVE-2018-3004: Vulnerability in the Java VM component of Oracle Database Server↗2018-07-18

▶

💥Exploits & PoCs

Exploit-DB

Core FTP LE 2.2 - Buffer Overflow (PoC)↗2018-07-02

▶

💬Community

Bugzilla

CVE-2018-17471 chromium-browser: Security UI occlusion in full screen mode↗2018-10-17

▶

Bugzilla

CVE-2018-17466 chromium-browser, firefox: Memory corruption in Angle↗2018-10-17

▶

Bugzilla

CVE-2018-17470 chromium-browser: Memory corruption in GPU Internals↗2018-10-17

▶

Bugzilla

CVE-2018-17473 chromium-browser: URL spoof in Omnibox↗2018-10-17

▶

Bugzilla

CVE-2018-17467 chromium-browser: URL spoof in Omnibox↗2018-10-17

▶