First published: Wed Jan 16 2019(Updated: )
An unspecified vulnerability in Oracle Database Server related to the Core RDBMS component could allow an authenticated attacker to take control of the system.
Credit: secalert_us@oracle.com secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Database | =12.1.0.2 | |
Oracle Database | =12.2.0.1 | |
Oracle Database | =18c | |
IBM ISIM VA | <=7.0.2 | |
IBM ISIM VA | <=7.0.1 | |
=12.1.0.2 | ||
=12.2.0.1 | ||
=18c |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-2406 is an unspecified vulnerability in the Core RDBMS component of Oracle Database Server.
Oracle Database Server versions 12.1.0.2, 12.2.0.1, and 18c are affected by CVE-2019-2406.
CVE-2019-2406 has a severity rating of 7.2 (high).
CVE-2019-2406 can be easily exploited by a high privileged attacker with Create Session and Execute Catalog Role privilege via Oracle Net with network access.
Yes, you can find more information about CVE-2019-2406 at the following references: [1] http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html, [2] http://www.securityfocus.com/bid/106591, [3] https://exchange.xforce.ibmcloud.com/vulnerabilities/155725