Oracle.Evil.View.Change.Password
Description
Multiple vulnerabilities have been identified in Oracle Database, including SQL injection issues and unauthorized operation issues. These vulnerabilities could be exploited by remote unauthorized attackers to arbitrarily manipulate data in database.
Affected Products
Oracle Corporation: Oracle Application Express 1.5 - 2.2
Oracle Corporation: Oracle Application Server 10g 9.0.4.3
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.0.1
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.0.2
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.1.0
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.2.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.0.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.1.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.2.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.3.0
Oracle Corporation: Oracle Collaboration Suite 10g Release 1 10.1.2.0
Oracle Corporation: Oracle Database 10g Release 1 10.1.0.5
Oracle Corporation: Oracle Database 10g Release 2 10.2.0.2
Oracle Corporation: Oracle Database 10g Release 2 10.2.0.3
Oracle Corporation: Oracle E-Business Suite Release 11i 11.5.8 - 11.5.10 CU2
Oracle Corporation: Oracle E-Business Suite Release 12 12.0.0
Oracle Corporation: Oracle E-Business Suite Release 12 12.0.1
Oracle Corporation: Oracle PeopleSoft Ent Customer Rel Mgmt 8.9
Oracle Corporation: Oracle PeopleSoft Ent Customer Rel Mgmt 9.0
Oracle Corporation: Oracle PeopleSoft Ent Human Capital Mgmt 8.9
Oracle Corporation: Oracle PeopleSoft Ent Human Capital Mgmt 9.0
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.22
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.47
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.48
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.49
Oracle Corporation: Oracle Secure Enterprise Search 10g 10.1.6
Oracle Corporation: Oracle Secure Enterprise Search 10g 10.1.8
Oracle Corporation: Oracle9i Application Server Release 1 1.0.2.2
Oracle Corporation: Oracle9i Database Release 1 9.0.1.5 FIPS+
Oracle Corporation: Oracle9i Database Release 2 9.2.0.7
Oracle Corporation: Oracle9i Database Release 2 9.2.0.8
Oracle Corporation: Oracle9i Database Release 2 9.2.0.8DV
Oracle Corporation: Oracle Application Express 1.5 - 2.2
Oracle Corporation: Oracle Application Server 10g 9.0.4.3
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.0.1
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.0.2
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.1.0
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.2.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.0.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.1.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.2.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.3.0
Oracle Corporation: Oracle Collaboration Suite 10g Release 1 10.1.2.0
Oracle Corporation: Oracle Database 10g Release 1 10.1.0.5
Oracle Corporation: Oracle Database 10g Release 2 10.2.0.2
Oracle Corporation: Oracle Database 10g Release 2 10.2.0.3
Oracle Corporation: Oracle E-Business Suite Release 11i 11.5.8 - 11.5.10 CU2
Oracle Corporation: Oracle E-Business Suite Release 12 12.0.0
Oracle Corporation: Oracle E-Business Suite Release 12 12.0.1
Oracle Corporation: Oracle PeopleSoft Ent Customer Rel Mgmt 8.9
Oracle Corporation: Oracle PeopleSoft Ent Customer Rel Mgmt 9.0
Oracle Corporation: Oracle PeopleSoft Ent Human Capital Mgmt 8.9
Oracle Corporation: Oracle PeopleSoft Ent Human Capital Mgmt 9.0
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.22
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.47
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.48
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.49
Oracle Corporation: Oracle Secure Enterprise Search 10g 10.1.6
Oracle Corporation: Oracle Secure Enterprise Search 10g 10.1.8
Oracle Corporation: Oracle9i Application Server Release 1 1.0.2.2
Oracle Corporation: Oracle9i Database Release 1 9.0.1.5 FIPS+
Oracle Corporation: Oracle9i Database Release 2 9.2.0.7
Oracle Corporation: Oracle9i Database Release 2 9.2.0.8
Oracle Corporation: Oracle9i Database Release 2 9.2.0.8DV
Impact
Privilege escalation.
Recommended Actions
The vendor has released a patch to fix this issue. Please refer to its website for more information.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |