CVE-2012-0072

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 10.1.0.5 through 10.2.0.5 Oracle Database Server versions 11.1.0.7 Oracle Database Server versions 11.2.0.2

Description The issue allows remote attackers to affect availability and bypass security restrictions. Attackers can execute arbitrary SQL commands and gain access to sensitive data via unknown vectors.

Recommendations For Oracle Database Server versions 10.1.0.5 through 10.2.0.5, update to a version that addresses the security restrictions bypass and arbitrary SQL command execution issues. For Oracle Database Server version 11.1.0.7, update to a version that addresses the security restrictions bypass and arbitrary SQL command execution issues. For Oracle Database Server version 11.2.0.2, update to a version that addresses the security restrictions bypass and arbitrary SQL command execution issues. As a temporary workaround, consider restricting access to sensitive data and limiting the execution of SQL commands until a patch is available.