Oracle has released a Security Alert Advisory for an Oracle Database vulnerability (CVE-2018-3110) in versions 11.2.0.4 and 12.2.0.1 on Windows.
The vulnerability carries a very high CVSS v3 base score of 9.9 (10 being the highest).
According to Oracle, an exploit of this vulnerability “can result in complete compromise of the Oracle Database and shell access to the underlying server. CVE-2018-3110 also affects Oracle Database version 12.1.0.2 on Windows as well as Oracle Database on Linux and Unix, however patches for those versions and platforms were included in the July 2018 CPU.”
Oracle recommends system admins patch without delay.