Intrusion Prevention

Oracle.EBusiness.Suite.Business.SQL.Injection

Description

Oracle E-Business Suite Business has an SQL-injection vulnerability. A remote attacker could execute arbitrary SQL commands in the back-end database via a specially-crafted HTTP request to the the APPS.ICXSUPWF.DisplayContacts package.

Affected Products

Oracle E-Business Suite.

Impact

SQL injection.

Recommended Actions

Currently we are not aware of any official supplied fix for this issue.
http://www.oracle.com