PT-2003-2145 · Oracle · Oracle9I Application Server
Published 2003-11-03 · Updated 2017-07-11 · CVE-2003-1193
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Oracle Oracle9i Application Server versions 9.0.2.00 through 3.0.9.8.5
Description
The issue concerns multiple SQL injection vulnerabilities in various components of Oracle Oracle9i Application Server, including the Portal DB's List of Values (LOVs), Forms, Hierarchy, and XML components packages. These vulnerabilities allow remote attackers to execute arbitrary SQL commands via the URL.
Recommendations
For Oracle Oracle9i Application Server versions 9.0.2.00 through 3.0.9.8.5, update to a version that includes the necessary security patches to fix the SQL injection vulnerabilities in the affected components.
Fix
Related identifiers
Affected products
Oracle9I Application Server