Skip to main content

Oracle Products Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 17 Jan 2008 5663 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in various Oracle products, which could be exploited by remote or local attackers to cause a denial of service, execute arbitrary commands, read and overwrite arbitrary data, disclose sensitive information, conduct SQL injection and cross site scripting attacks, or bypass security restrictions.

These issues are caused by errors in the XML DB, Advanced Queuing, Spatial, Upgrade/Downgrade, Ultra Search, Core RDBMS, Jinitiator, BPEL Worklist Application, Forms, JDeveloper, Internet Directory, Mobile Application Server, Application Object Library, Applications Framework, Applications Manager, CRM Technical Foundation, Applications Technology Stack and PeopleTools components.


Impact

  • Denial of Service
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Oracle Database 11g version 11.1.0.6
  • Oracle Database 10g Release 2 version 10.2.0.2
  • Oracle Database 10g Release 2 version 10.2.0.3
  • Oracle Database 10g version 10.1.0.5
  • Oracle Database 9i Release 2 version 9.2.0.8
  • Oracle Database 9i Release 2 version 9.2.0.8DV
  • Oracle Database 9i version 9.0.1.5 FIPS+
  • Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.0.0
  • Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.1.0
  • Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.3.0
  • Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.0.2
  • Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.1.0
  • Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.2.0
  • Oracle Application Server 10g (9.0.4) version 9.0.4.3
  • Oracle Application Server 9i Release 1 version 1.0.2.2
  • Oracle Collaboration Suite 10g version 10.1.2
  • Oracle E-Business Suite Release 12 versions 12.0.0 through 12.0.3
  • Oracle E-Business Suite Release 11i versions 11.5.9 through 11.5.10 CU2
  • Oracle PeopleSoft Enterprise PeopleTools version 8.22
  • Oracle PeopleSoft Enterprise PeopleTools version 8.48
  • Oracle PeopleSoft Enterprise PeopleTools version 8.49

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier

  • No CVE information is available

Source


Related Link