A vulnerability has been discovered in Oracle Database that could allow for complete compromise of the database, as well as shell access to the underlying server.  . The vulnerability resides in the Java Virtual Machine component of the Oracle Database Server and does not require user interaction. The vulnerability allows low-privileged attackers that have Create Session privilege with network access via Oracle Net to compromise the Java VM component.
The successful exploitation of this vulnerability could allow a remote, authenticated attacker to take complete control of the product and establish a shell access to the underlying server.
- Oracle Database versions 126.96.36.199, 188.8.131.52, 184.108.40.206 on Windows
- Oracle Database versions 12.1.02 on Unix or Linux
- Apply appropriate patches provided by Oracle to vulnerable systems immediately after appropriate testing.
- Oracle Database versions 220.127.116.11 and 18.104.22.168 on Windows can be patched using the patches provided by the Oracle Security Alert. 
- Oracle Database versions 22.214.171.124 on Windows and Unix or Linux can be patched by applying the July 2018 Critical Patch Update.