CVE-2010-3590

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 10.2.0.4, 11.1.0.7, and 11.2.0.1

Description The issue affects the confidentiality and integrity of the system, allowing remote authenticated users to exploit it. It is related to the MDSYS component in the Oracle Spatial component. Additionally, the current Oracle version has multiple issues that enable remote attackers to bypass security restrictions, execute arbitrary SQL commands, and access sensitive data.

Recommendations For Oracle Database Server version 10.2.0.4, update to a version that addresses the issue. For Oracle Database Server version 11.1.0.7, update to a version that addresses the issue. For Oracle Database Server version 11.2.0.1, update to a version that addresses the issue. As a temporary workaround, consider restricting access to sensitive data and limiting the execution of arbitrary SQL commands until a patch is available.