[ERPSCAN-09-003] Oracle Database 11g — EXFSYS PL/SQL injection vulnerability

DSECRG Advisories

Application: Oracle Database 11g
Versions Affected: Oracle and
Vendor URL: http://oracle.com
Bugs: PL/SQL Injections
Exploits: YES
Reported: 17.11.2008
Vendor response: 18.11.2008
Last response: 24.11.2008
Date of Public Advisory: 13.01.2009
Author: Alexandr Polyakov

Oracle Database 11g is vulnerable to PL/SQL injection. The vulnerability was found in the Extended filter system (EXFSYS).

Business Risk
A legitimate database user can escalate privileges and gain unauthorized access to business-critical data.