Is a database without the Spatial Component installed Vulnerable To CVE-2017-15095?
(Doc ID 2428282.1)
Last updated on APRIL 01, 2020
Applies to:Oracle Spatial and Graph - Version 22.214.171.124 and later
Information in this document applies to any platform.
Regarding CVE-2017-15095, which was fixed in July 2018 CPU for 126.96.36.199.
The CVE is related to component Oracle Spatial (jackson-databind).
Oracle Spatial component was removed from my database. Is it true that my database service is not vulnerable to CVE-2017-15095?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document