PT-2003-2145 · Oracle · Oracle9I Application Server

Published 2003-11-03 · Updated 2017-07-11 · CVE-2003-1193

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Oracle Oracle9i Application Server versions 9.0.2.00 through 3.0.9.8.5

Description

The issue concerns multiple SQL injection vulnerabilities in various components of Oracle Oracle9i Application Server, including the Portal DB's List of Values (LOVs), Forms, Hierarchy, and XML components packages. These vulnerabilities allow remote attackers to execute arbitrary SQL commands via the URL.

Recommendations

For Oracle Oracle9i Application Server versions 9.0.2.00 through 3.0.9.8.5, update to a version that includes the necessary security patches to fix the SQL injection vulnerabilities in the affected components.

Related Identifiers

CVE-2003-1193

Affected Products

Oracle9I Application Server