Not rendering correctly? View this email as a web page here.
Alert: Critical Oracle Database Server Vulnerability

US-CERT released a security alert on August 13th addressing a serious vulnerability in Oracle Database for both Windows and Unix/Linux. This is the second patch relating to CVE-2018-3110, so even if you heard about the Oracle patch in July, double-check your version! A new patch was released on August 10th for Windows for database versions and

Here’s the version breakdown:

  • Windows:
    • Version is vulnerable and can be fixed with the July 2018 critical patch update.
    • Versions and are vulnerable and can be fixed with the new August 10th patch.
  • Unix/Linux:
    • According to Oracle, all versions for Linux are vulnerable and can be fixed with the July 2018 critical patch update.

The exploit allows for total control and shell level access to the vulnerable database with little effort. It seems that a low privilege user account is required to perform the attack but remember that such accounts are more likely to be compromised in the first place. The CVE has a score of 9.9/10 and should be fixed as soon as possible.

The original security alert released by Oracle with links to patch information can be found here:

Stay cyber-safe,

SecuLore Support Team

SecuLore Solutions is a Public Safety company focused on cybersecurity - if you have concerns about your network, please contact us at or visit us at

Follow us on Twitter Follow us on Linkedin Follow us on Facebook