• info
• discussion
• exploit
• solution
• references

Oracle Diagnostics Multiple Vulnerabilities

The Oracle Diagnostics module is susceptible to multiple vulnerabilities. These issues include insecure permissions, insecure default access, and SQL injection.

- Insecure-permissions vulnerability. This may allow remote attackers to gain access to potentially sensitive information that may aid them in further attacks.

- Default-access vulnerabilities. Successful exploits could allow an attacker to gain access to potentially sensitive information that may aid them in further attacks.

- Unspecified SQL-injection issues. Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Oracle has released the 'Diagnostics Support Pack February 2006' with 'Oracle Diagnostics 2.3 RUP A' to address these vulnerabilities. This update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well.

Other issues may have also been addressed with these fixes. This BID will be updated as further information is disclosed.