Vladimir Zakharychev

**Name of the Vulnerable Software and Affected Versions** Oracle Database Server versions 9.2.0.7 through 10.1.0.5 Oracle Application Server versions 1.0.2.2 through 10.1.3.0.0 Oracle E-Business Suite and Applications version 11.5.10 Oracle Collaboration Suite versions 9.0.4.2 through 10.1.2.1 **Description** The issue allows attackers to bypass the PLSQLExclusion list, which is supposed to restrict access to certain packages and procedures. This bypass enables attackers to access excluded packages and procedures. **Recommendations** For Oracle Database Server versions 9.2.0.7 through 10.1.0.5, update to a version that includes a fix for this issue. For Oracle Application Server versions 1.0.2.2 through 10.1.3.0.0, update to a version that includes a fix for this issue. For Oracle E-Business Suite and Applications version 11.5.10, update to a version that includes a fix for this issue. For Oracle Collaboration Suite versions 9.0.4.2 through 10.1.2.1, update to a version that includes a fix for this issue.