Oracle is calling on its customers to immediately patch a security vulnerability that can lead to “complete compromise of the Oracle Database”.
The vulnerability was found in the Java VM component of the vendor’s database server, but attacks may “significantly impact additional products”, according to a notice on the US National Vulnerability Database.
As well as compromising databases, the vulnerability, which has a CVSS v3 base score of 9.9, could provide shell access to the underlying servers.
In a security advisory, Oracle said the vulnerability affected versions 184.108.40.206, 220.127.116.11 and 18.104.22.168 on Windows, as well as those running on Linux and Unix.
Oracle’s July 2018 critical patch update closed the vulnerability on all versions but Windows 22.214.171.124 and 126.96.36.199. Patches for these versions are available on Oracle’s website.
“Due to the nature of this vulnerability, Oracle strongly recommends that customers take action without delay,” the vendor warned.