
Oscar Williams

News editor

Oracle has flagged a vulnerability that can “completely compromise” customer databases

Oracle is calling on its customers to immediately patch a security vulnerability that can lead to “complete compromise of the Oracle Database”.

The vulnerability was found in the Java VM component of the vendor’s database server, but attacks may “significantly impact additional products”, according to a notice on the US National Vulnerability Database.

As well as compromising databases, the vulnerability, which has a CVSS v3 base score of 9.9, could provide shell access to the underlying servers.

In a security advisory, Oracle said the vulnerability affected versions 11.2.0.4, 12.2.0.1 and 12.1.0.2 on Windows, as well as those running on Linux and Unix.

Oracle’s July 2018 critical patch update closed the vulnerability on all versions except 11.2.0.4 and 12.2.0.1 on Windows. Patches for these two versions are available on Oracle’s website.

“Due to the nature of this vulnerability, Oracle strongly recommends that customers take action without delay,” the vendor warned.