Oracle · Oracle Database · CVE-2008-3979
**Name of the Vulnerable Software and Affected Versions**
Oracle Database versions 10.1.0.5 through 10.2.0.2
**Description**
The issue affects confidentiality and integrity, potentially allowing remote authenticated users to gain privileges via unknown vectors. Researchers claim it may be a SQL injection vulnerability that lets such users gain MDSYS privileges through the `MDSYS.SDO_TOPO_DROP_FTBL` trigger.
**Recommendations**
For Oracle Database versions 10.1.0.5 through 10.2.0.2, consider restricting access to the `MDSYS.SDO_TOPO_DROP_FTBL` trigger as a temporary workaround until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
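
To scope exposure before applying the workaround, the queries below (an added example, not part of the original advisory) report the database release, whether Oracle Spatial is installed, and whether the trigger exists and is enabled. They assume a DBA account that can read `v$instance`, `dba_registry` and `dba_triggers`, and that the trigger name is spelled with underscores, `SDO_TOPO_DROP_FTBL`.

```sql
-- Added example: inventory check for CVE-2008-3979 exposure.
-- Read-only; run as an account with access to the DBA_* views.

-- 1. Database release, to compare against the affected versions listed above.
SELECT version
FROM   v$instance;

-- 2. Is Oracle Spatial (schema MDSYS, component id SDO) installed,
--    and in what state?
SELECT comp_id, comp_name, version, status
FROM   dba_registry
WHERE  comp_id = 'SDO';

-- 3. Is the trigger named in the advisory present, what event fires it,
--    and is it currently ENABLED or DISABLED?
SELECT owner,
       trigger_name,
       trigger_type,
       triggering_event,
       base_object_type,
       status
FROM   dba_triggers
WHERE  owner = 'MDSYS'
AND    trigger_name = 'SDO_TOPO_DROP_FTBL';
```

If query 2 or query 3 returns no rows, the Spatial component or the trigger is absent from that database; record the result for each instance in the affected version range.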