What?
"The flaw itself is found in the JavaVM component of Oracle Database Server and is not considered a remote code exploit flaw, as it requires the attacker have a connection to the server via Oracle Net, the protocol Oracle servers use to connect with client applications"
It's not a remote exploit, because it requires a connection to the server? That's the very definition of a remote exploit, ie. that it can be execute over a network connection, and does not require local access to the target.