Pete Finnigan

**Name of the Vulnerable Software and Affected Versions** Oracle versions 8i through 10g **Description** The issue concerns the DIRECTORY objects in the affected Oracle versions, which store the location of a specific operating system directory. This allows users with read privileges to a DIRECTORY object to access sensitive information. **Recommendations** For Oracle versions 8i through 10g, restrict read access to DIRECTORY objects to prevent unauthorized users from obtaining sensitive information. Consider revoking read privileges from users who do not require them.

**Name of the Vulnerable Software and Affected Versions** Oracle TopLink Mapping WorkBench (affected versions not specified) **Description** The issue concerns the use of a weak encryption algorithm for passwords in Oracle TopLink Mapping WorkBench, allowing local users to decrypt the passwords. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.