Critical Oracle Vulnerabilities

Multiple vulnerabilities have been reported in the Oracle products listed below. The packages SDO_GEOM, SDO_IDX, and SDO_UTIL do not properly sanitize input, which can allow the injection of arbitrary SQL code. Additionally, there are issues with the DBMS_STATS_INTERNAL package. These issues could allow an attacker to gain DBA privileges. There are additional issues that remain unspecified. See Oracle’s original advisory at:

* Oracle Database 11g, version
* Oracle Database 10g Release 2, versions,
* Oracle Database 10g, version
* Oracle Database 9i Release 2, versions,
* Oracle Application Server 10g Release 3 (10.1.3), versions,
* Oracle Application Server 10g Release 2 (10.1.2), versions,,
* Oracle Application Server 10g (9.0.4), version
* Oracle Collaboration Suite 10g, version 10.1.2
* Oracle E-Business Suite Release 12, version 12.0.4
* Oracle E-Business Suite Release 11i, version
* Oracle PeopleSoft Enterprise PeopleTools versions 8.22.19, 8.48.16, 8.49.09
* Oracle PeopleSoft Enterprise HCM versions 8.8 SP1, 8.9, 9.0
* Oracle Siebel SimBuilder versions 7.8.2, 7.8.5
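
To see which accounts can reach the packages named above, the following data dictionary queries list the EXECUTE grants on them. This is an added example, not part of Oracle's advisory; it assumes a session that can read the DBA_OBJECTS, DBA_TAB_PRIVS and DBA_ROLE_PRIVS views.

```sql
-- Added example: the package names come from the advisory text above.
-- Assumption: the session can SELECT from the DBA_* dictionary views.

-- 1. Is each package installed, and who holds EXECUTE on it directly?
--    The LEFT JOIN keeps a package in the output even if it has no grants.
SELECT o.owner,
       o.object_name,
       o.status,
       p.grantee,
       p.grantable
FROM   dba_objects o
       LEFT JOIN dba_tab_privs p
              ON  p.owner      = o.owner
              AND p.table_name = o.object_name
              AND p.privilege  = 'EXECUTE'
WHERE  o.object_type = 'PACKAGE'
AND    o.object_name IN ('SDO_GEOM', 'SDO_IDX', 'SDO_UTIL',
                         'DBMS_STATS_INTERNAL')
ORDER  BY o.owner, o.object_name, p.grantee;

-- 2. Which accounts inherit EXECUTE through a role?
--    Only one level of role nesting is expanded here; a grantee that is
--    itself a role needs the same lookup repeated.
SELECT rp.grantee      AS account,
       rp.granted_role AS via_role,
       p.owner,
       p.table_name    AS package_name
FROM   dba_role_privs rp
       JOIN dba_tab_privs p
         ON p.grantee = rp.granted_role
WHERE  p.privilege  = 'EXECUTE'
AND    p.table_name IN ('SDO_GEOM', 'SDO_IDX', 'SDO_UTIL',
                        'DBMS_STATS_INTERNAL')
ORDER  BY p.table_name, rp.granted_role, rp.grantee;
```

A grantee of PUBLIC in the first result means every database account can call that package.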