Intrusion Prevention

Oracle.Evil.View.Change.Password

Description

Multiple vulnerabilities have been identified in Oracle Database, including SQL injection issues and unauthorized operation issues. These vulnerabilities could be exploited by remote unauthorized attackers to arbitrarily manipulate data in database.

Affected Products

Oracle Corporation: Oracle Application Express 1.5 - 2.2
Oracle Corporation: Oracle Application Server 10g 9.0.4.3
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.0.1
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.0.2
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.1.0
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.2.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.0.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.1.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.2.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.3.0
Oracle Corporation: Oracle Collaboration Suite 10g Release 1 10.1.2.0
Oracle Corporation: Oracle Database 10g Release 1 10.1.0.5
Oracle Corporation: Oracle Database 10g Release 2 10.2.0.2
Oracle Corporation: Oracle Database 10g Release 2 10.2.0.3
Oracle Corporation: Oracle E-Business Suite Release 11i 11.5.8 - 11.5.10 CU2
Oracle Corporation: Oracle E-Business Suite Release 12 12.0.0
Oracle Corporation: Oracle E-Business Suite Release 12 12.0.1
Oracle Corporation: Oracle PeopleSoft Ent Customer Rel Mgmt 8.9
Oracle Corporation: Oracle PeopleSoft Ent Customer Rel Mgmt 9.0
Oracle Corporation: Oracle PeopleSoft Ent Human Capital Mgmt 8.9
Oracle Corporation: Oracle PeopleSoft Ent Human Capital Mgmt 9.0
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.22
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.47
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.48
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.49
Oracle Corporation: Oracle Secure Enterprise Search 10g 10.1.6
Oracle Corporation: Oracle Secure Enterprise Search 10g 10.1.8
Oracle Corporation: Oracle9i Application Server Release 1 1.0.2.2
Oracle Corporation: Oracle9i Database Release 1 9.0.1.5 FIPS+
Oracle Corporation: Oracle9i Database Release 2 9.2.0.7
Oracle Corporation: Oracle9i Database Release 2 9.2.0.8
Oracle Corporation: Oracle9i Database Release 2 9.2.0.8DV
Oracle Corporation: Oracle Application Express 1.5 - 2.2
Oracle Corporation: Oracle Application Server 10g 9.0.4.3
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.0.1
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.0.2
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.1.0
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.2.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.0.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.1.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.2.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.3.0
Oracle Corporation: Oracle Collaboration Suite 10g Release 1 10.1.2.0
Oracle Corporation: Oracle Database 10g Release 1 10.1.0.5
Oracle Corporation: Oracle Database 10g Release 2 10.2.0.2
Oracle Corporation: Oracle Database 10g Release 2 10.2.0.3
Oracle Corporation: Oracle E-Business Suite Release 11i 11.5.8 - 11.5.10 CU2
Oracle Corporation: Oracle E-Business Suite Release 12 12.0.0
Oracle Corporation: Oracle E-Business Suite Release 12 12.0.1
Oracle Corporation: Oracle PeopleSoft Ent Customer Rel Mgmt 8.9
Oracle Corporation: Oracle PeopleSoft Ent Customer Rel Mgmt 9.0
Oracle Corporation: Oracle PeopleSoft Ent Human Capital Mgmt 8.9
Oracle Corporation: Oracle PeopleSoft Ent Human Capital Mgmt 9.0
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.22
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.47
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.48
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.49
Oracle Corporation: Oracle Secure Enterprise Search 10g 10.1.6
Oracle Corporation: Oracle Secure Enterprise Search 10g 10.1.8
Oracle Corporation: Oracle9i Application Server Release 1 1.0.2.2
Oracle Corporation: Oracle9i Database Release 1 9.0.1.5 FIPS+
Oracle Corporation: Oracle9i Database Release 2 9.2.0.7
Oracle Corporation: Oracle9i Database Release 2 9.2.0.8
Oracle Corporation: Oracle9i Database Release 2 9.2.0.8DV

Impact

Privilege escalation.

Recommended Actions

The vendor has released a patch to fix this issue. Please refer to its website for more information.

Coverage

IPS (Regular DB)
IPS (Extended DB)

ID	14906
Created	Aug 21, 2007
Updated	Nov 03, 2021
Risk
CVE ID	CVE-2007-3855
Exploit Prediction Score	92.81%
Default Action	drop
Active
Affected OS	Windows, Linux
Affected App	Oracle

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Intrusion Prevention

Oracle.Evil.View.Change.Password

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Intrusion Prevention

Oracle.Evil.View.Change.Password

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

Threat Intelligence
Center