Oracle Patch Update July 2017 (Database Server)
Oracle have released their latest critical patch update for Database Server yesterday evening (18/7). This Oracle Critical Patch Update includes 4 new security fixes for Oracle Database and a vulnerability for Oracle REST Data services (formerly Application Express listener). These updates are available for the below supported versions:
- Oracle Database Server 22.214.171.124
- Oracle Database Server 126.96.36.199
- Oracle Database Server 188.8.131.52
The highest scoring vulnerability in OJVM is an easily exploitable vulnerability and allows a low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. While the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. Note: This score is for Windows platforms.
For more information please see the full Oracle update at http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixDB