VENDOR UPDATE | 17 July 2019

Oracle Database Critical Patch and Security Update July 2019

Description

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Please review our previous Critical Patch Update advisories for more information regarding earlier published security fixes.

Oracle Database Server Executive Summary

This Critical Patch Update contains 9 NEW security fixes for the Oracle Database Server:

  • 8 NEW security fixes for the Oracle Database Server.
    • 1 of these vulnerabilities may be remotely exploitable without authentication (i.e., may be exploited over a network without requiring user credentials).
    • 3 of these fixes are applicable to client-only installations (i.e., installations that do not have the Oracle Database Server installed).
  • 1 NEW security fix for Oracle Global Lifecycle Management. This vulnerability is not remotely exploitable without authentication (i.e., may not be exploited over a network without requiring user credentials).

These Critical Patch Updates are applicable to the following database versions:

  • Oracle Database 11.2.0.4
  • Oracle Database 12.1.0.2
  • Oracle Database 12.2.0.1
  • Oracle Database 18c
  • Oracle Database 19c

CVSS VERSION 3.0 RISK

| CVE# | Component | Package and/or Privilege Required | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2018-11058 | Core RDBMS | None | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c | |
| CVE-2019-2776 | Core RDBMS | Create Any Index | OracleNet | No | 7.6 | Network | Low | High | None | Changed | High | Low | None | 12.1.0.2, 12.2.0.1, 18c, 19c | |
| CVE-2019-2799 | Oracle ODBC Driver | None | Multiple | No | 7.5 | Network | High | Low | None | Unchanged | High | High | High | 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c | See Note 1 |
| CVE-2019-2749 | Java VM | Create Session, Create Procedure | Multiple | No | 6.8 | Network | High | Low | None | Unchanged | None | High | High | 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c | |
| CVE-2019-2484 | Application Express | Valid Account | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 5.1, 18.2 | |
| CVE-2019-2753 | Oracle Text | Create Session | OracleNet | No | 4.6 | Network | Low | Low | Required | Unchanged | Low | None | Low | 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c | |
| CVE-2019-2569 | Core RDBMS | Local Logon | Local Logon | No | 4.0 | Local | High | High | Required | Unchanged | High | None | None | 11.2.0.4, 12.1.0.2, 12.2.0.1 | |
| CVE-2016-9572 | Spatial | Create Session | OracleNet | No | 3.5 | Network | Low | Low | Required | Unchanged | None | None | Low | 12.2.0.1, 18c | |

Notes:

1. The vulnerability affects Windows platforms only.
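
As an added example (not part of the original advisory and not Oracle's code), the following Python recomputes each CVSS v3.0 base score from the metric columns of the risk matrix using the FIRST base-score equations, so a transcribed matrix can be checked for errors before it drives patch prioritisation. The row tuples are transcribed from the table above; the rounding helper is an assumption that uses the integer form from CVSS v3.1 to avoid floating-point artifacts.

```python
import math

# CVSS v3.0 metric weights (FIRST specification).
AV = {"Network": 0.85, "Adjacent": 0.62, "Local": 0.55, "Physical": 0.20}
AC = {"Low": 0.77, "High": 0.44}
UI = {"None": 0.85, "Required": 0.62}
CIA = {"High": 0.56, "Low": 0.22, "None": 0.0}
# Privileges Required carries a higher weight when Scope is Changed.
PR = {"Unchanged": {"None": 0.85, "Low": 0.62, "High": 0.27},
      "Changed":   {"None": 0.85, "Low": 0.68, "High": 0.50}}

def roundup(x):
    """Round up to one decimal place (integer form from CVSS v3.1, an assumption here)."""
    n = round(x * 100000)
    return n / 100000.0 if n % 10000 == 0 else (math.floor(n / 10000) + 1) / 10.0

def base_score(av, ac, pr, ui, scope, c, i, a):
    iss = 1 - (1 - CIA[c]) * (1 - CIA[i]) * (1 - CIA[a])
    if scope == "Unchanged":
        impact = 6.42 * iss
    else:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    expl = 8.22 * AV[av] * AC[ac] * PR[scope][pr] * UI[ui]
    if impact <= 0:
        return 0.0
    total = impact + expl if scope == "Unchanged" else 1.08 * (impact + expl)
    return roundup(min(total, 10))

# Rows transcribed from the risk matrix on this page:
# (CVE, published base score, AV, AC, PR, UI, Scope, C, I, A)
MATRIX = [
    ("CVE-2018-11058", 9.8, "Network", "Low", "None", "None", "Unchanged", "High", "High", "High"),
    ("CVE-2019-2776", 7.6, "Network", "Low", "High", "None", "Changed", "High", "Low", "None"),
    ("CVE-2019-2799", 7.5, "Network", "High", "Low", "None", "Unchanged", "High", "High", "High"),
    ("CVE-2019-2749", 6.8, "Network", "High", "Low", "None", "Unchanged", "None", "High", "High"),
    ("CVE-2019-2484", 5.4, "Network", "Low", "Low", "Required", "Changed", "Low", "Low", "None"),
    ("CVE-2019-2753", 4.6, "Network", "Low", "Low", "Required", "Unchanged", "Low", "None", "Low"),
    ("CVE-2019-2569", 4.0, "Local", "High", "High", "Required", "Unchanged", "High", "None", "None"),
    ("CVE-2016-9572", 3.5, "Network", "Low", "Low", "Required", "Unchanged", "None", "None", "Low"),
]

def mismatches(rows=MATRIX):
    """Return (cve, published, computed) for every row whose score does not recompute."""
    scored = [(r[0], r[1], base_score(*r[2:])) for r in rows]
    return [s for s in scored if s[1] != s[2]]

if __name__ == "__main__":
    for cve, published, *metrics in MATRIX:
        print(cve, published, base_score(*metrics))
```

An empty result from `mismatches()` means every published base score agrees with its metric columns; a non-empty result points at a row that was mis-transcribed.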

Further Help and Assistance

For further advice about Oracle Critical Patch Updates, including installation planning and consultancy services, please contact one of our pre-sales technical team on 0330 332 6223 or visit our website nlightn-IT
