Skip to main content

Oracle and BEA Products Multiple Code Execution Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 14 Jan 2009 5417 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in various Oracle and BEA products, which could be exploited by remote or local attackers to cause a denial of service, read and manipulate certain data, disclose sensitive information, conduct SQL injection attacks, bypass security restrictions, or execute arbitrary commands.

These issues are caused by errors in the Job Queue, Oracle OLAP, Oracle Spatial, Oracle Streams, SQL*Plus Windows GUI, TimesTen Data Server, Oracle Secure Backup, OC4J, Oracle BPEL Process Manager, Oracle Portal, Oracle JDeveloper, Collaborative Workspaces, Oracle Application Object Library, iProcurement, Oracle Applications Framework, Oracle Applications Platform Engineering, Oracle Enterprise Manager, PeopleSoft Enterprise Components, PeopleSoft Enterprise HRMS, PeopleSoft Enterprise Campus Solutions, ePerformance, JD Edwards Tools, WebLogic Server Plugins, WebLogic Portal and WebLogic Server.


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Oracle Database 11g version 11.1.0.6
  • Oracle Database 10g Release 2 version 10.2.0.2
  • Oracle Database 10g Release 2 version 10.2.0.3
  • Oracle Database 10g Release 2 version 10.2.0.4
  • Oracle Database 10g version 10.1.0.5
  • Oracle Database 9i Release 2 version 9.2.0.8
  • Oracle Database 9i Release 2 version 9.2.0.8DV
  • Oracle Secure Backup version 10.2.0.2
  • Oracle Secure Backup version 10.2.0.3
  • Oracle Secure Backup version 10.1.0.1
  • Oracle Secure Backup version 10.1.0.2
  • Oracle Secure Backup version 10.1.0.3
  • Oracle TimesTen In-Memory Database version 7.0.5.1.0
  • Oracle TimesTen In-Memory Database version 7.0.5.2.0
  • Oracle TimesTen In-Memory Database version 7.0.5.3.0
  • Oracle TimesTen In-Memory Database version 7.0.5.4.0
  • Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.3.0
  • Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.2.0
  • Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.3.0
  • Oracle Collaboration Suite 10g version 10.1.2
  • Oracle E-Business Suite Release 12 version 12.0.6
  • Oracle E-Business Suite Release 11i version 11.5.10.2
  • Oracle Enterprise Manager Grid Control 10g Release 4 version 10.2.0.4
  • PeopleSoft Enterprise HRMS version 8.9
  • PeopleSoft Enterprise HRMS version 9.0
  • JD Edwards Tools version 8.97
  • Oracle WebLogic Server (formerly BEA WebLogic Server) 10.0 through MP1
  • Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 GA
  • Oracle WebLogic Server (formerly BEA WebLogic Server) 9.0 GA
  • Oracle WebLogic Server (formerly BEA WebLogic Server) 9.1 GA
  • Oracle WebLogic Server (formerly BEA WebLogic Server) 9.2 through MP3
  • Oracle WebLogic Server (formerly BEA WebLogic Server) 8.1 through SP6
  • Oracle WebLogic Server (formerly BEA WebLogic Server) 7.0 through SP7
  • Oracle WebLogic Portal (formerly BEA WebLogic Portal) 10.0 through MP1
  • Oracle WebLogic Portal (formerly BEA WebLogic Portal) 10.2 GA
  • Oracle WebLogic Portal (formerly BEA WebLogic Portal) 10.3 GA
  • Oracle WebLogic Portal (formerly BEA WebLogic Portal) 9.2 through MP3
  • Oracle WebLogic Portal (formerly BEA WebLogic Portal) 8.1 through SP6

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link