• Oracle Database Server 10g Release 1, versions 10.1.0.3, 10.1.0.4
• Oracle9i Database Server Release 2, versions 9.2.0.5, 9.2.0.6, 9.2.0.7
• Oracle8i Database Server Release 3, version 8.1.7.4
• Oracle Enterprise Manager 10g Grid Control, versions 10.1.0.3, 10.1.0.4
• Oracle Application Server 10g Release 2, versions 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2
• Oracle Application Server 10g Release 1 9.0.4 , versions 9.0.4.1, 9.0.4.2
• Oracle Collaboration Suite 10g Release 1, version 10.1.1
• Oracle9i Collaboration Suite Release 2, version 9.0.4.2
• Oracle E-Business Suite Release 11i, versions 11.5.1 through 11.5.10 and 11.5.10 CU2
• Oracle E-Business Suite Release 11.0
• Oracle Clinical, versions 4.5.0 and 4.5.1
• PeopleSoft Enterprise Tools, versions 8.1 through 8.46.03
• PeopleSoft CRM, versions 8.81 through 8.9
• JD Edwards EnterpriseOne, OneWorld XE, versions 8.95_B1, 8.94_Q1, SP23_K1
• Oracle Database Server 10g Release 1, version 10.1.0.4.2
• Oracle Developer Suite, versions 9.0.2.1, 9.0.4.1, 9.0.4.2, 10.1.2.0
• Oracle Enterprise Manager Application Server Control, versions 9.0.4.1, 9.0.4.2
• Oracle Enterprise Manager 10g Database Control, versions 10.1.0.3, 10.1.0.4
• Oracle Workflow, versions 11.5.1 through 11.5.9.5
• Oracle9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5, 9.0.1.5 FIPS
• Oracle8 Database Server Release 8.0.6, version 8.0.6.3
• Oracle9i Application Server Release 2, versions 9.0.2.3, 9.0.3.1
• Oracle9i Application Server Release 1, version 1.0.2.2

Many Vulnerabilities exists in Oracle Database and Application Server could allow unauthenticated, remote code execution, information disclosure, cross-site scripting attacks, or potentially to compromise a vulnerable system, and denial of service.

Impact

The Impact of these vulnerabilities may include remote execution of arbitrary code or commands, information disclosure, and denial of service. The Impact depend on the product, component, and configuration of the system.

Several vulnerabilities exist in Oracle Database and Application Server. A remote user can exploit these vulnerabilities to disclose sensitive information, gain escalated privileges, conduct PL/SQL injection attacks, and manipulate information.

Information is available that vulnerability exists in the following Modules/Components of oracle products.

• Oracle Application Server SQL*ReportWriter vulnerability
• Oracle Application Server Web Cache vulnerability
• Oracle E-Business Suite Applications Technology Stack vulnerability
• Oracle Application Server Internet Directory vulnerability
• Oracle Human Resource Management System vulnerability
• Oracle E-Business Suite Applications Utilities vulnerability
• Oracle Database Server buffer overflow in Security Component

Further details on these vulnerabilities are not available. According to oracle an attacker could exploit these vulnerabilities, which may results in compromise system confidentiality and integrity.