CVE-2008-2589

Name of the Vulnerable Software and Affected Versions Oracle Application Server versions 9.0.4.3 through 10.1.4.1

Description The issue has unknown impact and can be exploited remotely. It may be related to a SQL injection vulnerability in the WWV RENDER REPORT package, potentially allowing remote attackers to execute arbitrary SQL (PL/SQL) commands via the second argument to the SHOW procedure.

Recommendations For Oracle Application Server versions 9.0.4.3 through 10.1.4.1, consider restricting access to the WWV RENDER REPORT package as a temporary workaround until a patch is available. Avoid using the second argument to the SHOW procedure in the affected package to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.