Java and Oracle Database CVEs

Oleh Leont, Oct 28 2021

Hello.
I hope the Oracle team will help me with a few questions about Oracle Database/Oracle Database Client and the Java inside it, because I need it to be official.
As I understand it, Java is a component in Oracle Database/Oracle Database software.
We have Oracle Database Client 19c installed and separately installed Java 8_275 on the host. Then we identified that in the location of Oracle Database Client 19c (/u01/app/oracle/product/19.0.0/client_1/jdk/bin/java) the Java version is 8_201 and it's likely vulnerable to these CVEs:
CVE-2020-14664
CVE-2020-14583
CVE-2020-14593
CVE-2020-14562
CVE-2020-14621
CVE-2020-14556
CVE-2020-14573
CVE-2020-14581
CVE-2020-14578
CVE-2020-14579
CVE-2020-14577
In my opinion, if the component is vulnerable then the software is vulnerable and the host is vulnerable too.
But according to the official article (https://www.oracle.com/security-alerts/cpujul2020.html) only Java itself is vulnerable to these CVEs.
So the main question - is the Java inside Oracle Database or Oracle Database Client vulnerable to the listed CVEs, and is the host vulnerable to the listed CVEs?
