CVE-2018-2841

Description

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

Risk Information

Base Score

8.5

MODERATE

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

Exploitation Probability

1.093

Associated Vulnerability

Vulnerability	OS Platform
Multiple Vulnerabilities are affected in Oracle 11.2.0.4	Windows
Multiple Vulnerabilities are affected in Oracle 12.1.0.2	Windows
Multiple Vulnerabilities are affected in Oracle 12.2.0.1	Windows
Vulnerabilities CVE-2018-2841 are affected in Oracle 18.1.0.0	Windows
Multiple Vulnerabilities are affected in Oracle Database Server 11.2.0.4	Windows
Multiple Vulnerabilities are affected in Oracle Database Server 12.1.0.2	Windows
Multiple Vulnerabilities are affected in Oracle Database Server 12.2.0.1	Windows
Vulnerabilities CVE-2018-2841 are affected in Oracle Database Server 18.1.0.0	Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234