Oracle has released a Security Alert Advisory for an Oracle Database vulnerability (CVE-2018-3110) in versions 18.104.22.168 and 22.214.171.124 on Windows.
The vulnerability carries a very high CVSS v3 base score of 9.9 (10 being the highest).
According to Oracle, an exploit of this vulnerability “can result in complete compromise of the Oracle Database and shell access to the underlying server. CVE-2018-3110 also affects Oracle Database version 126.96.36.199 on Windows as well as Oracle Database on Linux and Unix, however patches for those versions and platforms were included in the July 2018 CPU.”
Oracle recommends system admins patch without delay.