virus logo Intrusion Prevention

Oracle.E-Business.Suite.Business.SQL.Injection

description-logoDescription

Oracle E-Business Suite Business has an SQL-injection vulnerability. A remote attacker could execute arbitrary SQL commands in the back-end database via a specially-crafted HTTP request to the the APPS.ICXSUPWF.DisplayContacts package.

affected-products-logoAffected Products

Oracle E-Business Suite.

Impact logoImpact

SQL injection.

recomended-action-logoRecommended Actions

Currently we are not aware of any official supplied fix for this issue.
http://www.oracle.com

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-12-02 16.972
2019-11-22 15.729 Name:Oracle.
EBusiness.
Suite.
Business.
SQL.
Injection:Oracle.
E-Business.
Suite.
Business.
SQL.
Injection
ID 14506
Created Apr 23, 2007
Updated Dec 01, 2020
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS Windows, Linux
Affected App Oracle