Oracle.SYS.DBMS.CDC.PUBLISH.SQL.Injection

description-logoDescription

This indicates an attack attempt against a vulnerability in the SYS.DBMS_CDC_PUBLISH package of Oracle Database.
This vulnerability allows remote authenticated users to inject malicious SQL commands.

affected-products-logoAffected Products

Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6

Impact logoImpact

Attackers with EXECUTE privilege on the package SYS.DBMS_CDC_PUBLISH can execute arbitrary SQL commands with SYS privileges.

recomended-action-logoRecommended Actions

Apply the Oracle Critical Patch Update - October 2008, available at:

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)