PT-2014-1281 · Oracle · Oracle Database Server

Published: 2014-04-15 · Updated: 2014-04-29 · CVE-2014-2406

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Oracle Database Server versions 11.1.0.7 through 11.2.0.4
Oracle Database Server version 12.1.0.1

Description

The issue affects the Core RDBMS component of Oracle Database Server and allows remote authenticated users to compromise confidentiality, integrity, and availability. It is related to the "Advisor" and "Select Any Dictionary" privileges. The vulnerability can be exploited to bypass security restrictions, execute arbitrary SQL commands, and gain access to sensitive data.

Recommendations

For Oracle Database Server versions 11.1.0.7 through 11.2.0.4, consider restricting access to the Core RDBMS component until a patch is available. For Oracle Database Server version 12.1.0.1, restrict the privileges related to "Advisor" and "Select Any Dictionary" to minimize the risk of exploitation. As a temporary workaround, consider disabling any functionality that lets remote authenticated users execute arbitrary SQL commands until a patch is available.
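The recommendation to restrict the two privileges is only actionable once you know who holds them, including through nested roles. The following audit queries are an added example, not part of this advisory or of Oracle's guidance; they use the standard DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_USERS data dictionary views, need an account that can read those views, and the grantee name in the REVOKE statements is a placeholder to be replaced with a name from the audit output.

```sql
-- 1. Direct grants of the two system privileges named in the advisory.
--    ADVISOR and SELECT ANY DICTIONARY are the privilege names as stored
--    in DBA_SYS_PRIVS (upper case, no quotes).
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE privilege IN ('ADVISOR', 'SELECT ANY DICTIONARY')
 ORDER BY grantee, privilege;

-- 2. Grants that reach a real user indirectly: walk the role graph
--    (user -> role -> nested role ...) and report which role carries
--    the privilege. NOCYCLE keeps the hierarchical query safe even if
--    the role graph is unexpectedly circular.
SELECT DISTINCT u.username,
                sp.privilege,
                sp.grantee AS via_role
  FROM dba_users u
  JOIN (SELECT CONNECT_BY_ROOT grantee AS root_grantee,
               granted_role
          FROM dba_role_privs
       CONNECT BY NOCYCLE PRIOR granted_role = grantee) rp
    ON rp.root_grantee = u.username
  JOIN dba_sys_privs sp
    ON sp.grantee = rp.granted_role
 WHERE sp.privilege IN ('ADVISOR', 'SELECT ANY DICTIONARY')
 ORDER BY u.username, sp.privilege;

-- 3. Remediation for accounts that do not need the privilege.
--    'SOME_USER' is a placeholder: substitute a grantee from query 1,
--    or the role name from query 2 if the grant arrived through a role.
REVOKE ADVISOR FROM SOME_USER;
REVOKE SELECT ANY DICTIONARY FROM SOME_USER;
```

Run queries 1 and 2 before and after the revokes; an empty result set for both, apart from the SYS/DBA accounts you deliberately keep, confirms the workaround is in place until the Critical Patch Update for CVE-2014-2406 is applied.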

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2015-00044
CVE-2014-2406

Affected Products

Oracle Database
Oracle Database Server