PT-2009-3563 · Oracle · Oracle Database
Alexander Kornbrust
·
Published
2009-04-15
·
Updated
2018-10-10
·
CVE-2009-0981
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Database version 11.1.0.7
Description
The issue affects confidentiality and is related to the APEX component in Oracle Database. It allows remote authenticated users to potentially obtain APEX password hashes from the WWV FLOW USERS table via a SELECT statement.
Recommendations
For Oracle Database version 11.1.0.7, consider restricting access to the WWV FLOW USERS table as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Oracle Database