Justin Sullivan/Getty Images
show image

Oracle has flagged a vulnerability that can “completely compromise” customer databases

Oracle is calling on its customers to immediately patch a security vulnerability that can lead to “complete compromise of the Oracle Database”.

The vulnerability was found in the Java VM component of the vendor’s database server, but attacks may “significantly impact additional products”, according to a notice on the US National Vulnerability Database.

As well as compromising databases, the vulnerability, which has a CVSS v3 base score of 9.9, could provide shell access to the underlying servers.

In a security advisory, Oracle said the vulnerability affected versions, and on Windows, as well as those running on Linux and Unix.

Oracle’s July 2018 critical patch update closed the vulnerability on all versions but Windows and Patches for these versions are available on Oracle’s website.

“Due to the nature of this vulnerability, Oracle strongly recommends that customers take action without delay,” the vendor warned.