Oracle.Database.SYS.LT.FINDRICSET.SQL.Injection
Description
This indicates an attempt to exploit an SQL injection vulnerability in Workspace Manager for Oracle Database.
This vulnerability is due to insufficient sanitization of the input parameter in the "SYS.LT.FINDRICSET" function. A remote authenticated attacker could exploit this vulnerability by embedding malicious SQL code as part of the vulnerable parameter.
Affected Products
Oracle Oracle9i Application Server 9.2 .8
Oracle Oracle10g Standard Edition 10.2 .3
Oracle Oracle10g Standard Edition 10.2 .2
Oracle Oracle10g Standard Edition 10.1 .0.5
Oracle Oracle10g Personal Edition 10.2 .3
Oracle Oracle10g Personal Edition 10.2 .2
Oracle Oracle10g Personal Edition 10.1 .5
Oracle Oracle10g Enterprise Edition 10.2 .3
Oracle Oracle10g Enterprise Edition 10.2 .2
Oracle Oracle10g Enterprise Edition 10.1 .5
Oracle Oracle10g Application Server 10.1.2 .0.1
HP Oracle for OpenView for Linux LTU Service Bureaus 0
HP Oracle for OpenView for Linux LTU 0
HP Oracle for OpenView 9.1.1
HP Oracle for OpenView 8.1.7
HP Oracle for OpenView 9.2
Impact
System compromise: privilege escalation.
Recommended Actions
Please see Oracle Critical Patch Update.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |