CVE-2009-0981

Name of the Vulnerable Software and Affected Versions Oracle Database version 11.1.0.7

Description The issue affects confidentiality and is related to the APEX component in Oracle Database. It allows remote authenticated users to potentially obtain APEX password hashes from the WWV FLOW USERS table via a SELECT statement.

Recommendations For Oracle Database version 11.1.0.7, consider restricting access to the WWV FLOW USERS table as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.