[ERPSCAN-11-022] Oracle BI — WB_OLAP_AW_REMOVE_SOLVE_ID – privilege escalation

Application: Oracle BI
Versions Affected: Oracle BI (Oracle Warehouse Builder),
Vendor URL:
Bugs: PL/SQL Injection, privilege escalation
Exploits: YES
Reported: 20.04.2009
Vendor response: 22.04.2009
Last response: 12.04.2011
Date of Public Advisory: 16.06.2011
CVE: CVE-2011-0799
Author: Alexandr Polyakov

A PL/SQL injection vulnerability was found in the procedure OWBREPOS_OWNER.WB_RT_AUDIT_SHADOW_TABLE. Exploiting the vulnerability in this procedure can give any user OWBREPOS_OWNER rights and, from there, access to the OS.

Business Risk
A legitimate database user can escalate privileges and gain unauthorized access to business-critical data stored in the database, and can also gain full access to the operating system.
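
Exposure check (added example, not part of the original advisory or of Oracle's code): the query below lists the objects named in this advisory, whether they run with definer rights, and which accounts or roles hold EXECUTE on them. It assumes the Warehouse Builder repository schema is named OWBREPOS_OWNER as in the advisory (installations may use a different owner name) and that the auditing account can read DBA_PROCEDURES and DBA_TAB_PRIVS.

```sql
-- Added audit query; not from the advisory.
-- Assumption: repository schema is OWBREPOS_OWNER (adjust to the local owner name).
-- Both object names that appear in the advisory are checked, either as a
-- standalone procedure (OBJECT_NAME) or as a subprogram of a package
-- (PROCEDURE_NAME).
SELECT p.owner,
       p.object_name,
       p.object_type,
       p.authid,        -- DEFINER means callers run with the owner's privileges
       g.grantee,       -- PUBLIC or a broad role here means wide exposure
       g.privilege,
       g.grantable
FROM  (SELECT DISTINCT owner, object_name, object_type, authid
       FROM   dba_procedures
       WHERE  owner = 'OWBREPOS_OWNER'
       AND   (object_name    IN ('WB_RT_AUDIT_SHADOW_TABLE',
                                 'WB_OLAP_AW_REMOVE_SOLVE_ID')
           OR procedure_name IN ('WB_RT_AUDIT_SHADOW_TABLE',
                                 'WB_OLAP_AW_REMOVE_SOLVE_ID'))) p
LEFT JOIN dba_tab_privs g
       ON  g.owner      = p.owner
       AND g.table_name = p.object_name
       AND g.privilege  = 'EXECUTE'
ORDER BY p.object_name, g.grantee;
```

A row with AUTHID = DEFINER and a non-administrative grantee marks an account that can reach the affected code with the owner's rights; no rows at all means the objects are not present under that schema name.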