CVE-2009-1968

Name of the Vulnerable Software and Affected Versions: Oracle Database version 10.1.8.3

Description: The issue affects the integrity of the system, potentially allowing remote attackers to exploit it via unknown vectors. There are claims from a researcher that this could be related to cross-site scripting (XSS) via the search p groups parameter in the "search/query/search" endpoint.

Recommendations: For Oracle Database version 10.1.8.3, consider restricting access to the Secure Enterprise Search component until a fix is available. As a temporary workaround, avoid using the search p groups parameter in the search/query/search endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.