6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.094 Low
EPSS
Percentile
94.7%
This vulnerability allows remote attackers to break out of the Java Sandbox implemented by Oracle’s relational database. Authentication is required in that a user must be able to create a Java stored procedure to trigger the issue. The specific flaw exists within Oracle’s custom SecurityManager implementation. Due to the implementation’s dependence on a flag of a particular object to determine success or failure of a privileged call, a race condition exists which will allow one to execute Java code bypassing the sandbox. Successful exploitation will allow an attacker to execute arbitrary code in the context of the server.