An attacker with access to Oracle Database (or Oracle Enterprise Edition) could create a SQLite database that triggers SQL injection vulnerabilities in Oracle SQL Server.
The flaw can be exploited by an attacker who has administrative privileges.
The Oracle database could be accessed from an external website, such as a web server or FTP server, which could lead to remote code execution.
The vulnerability affects Oracle Database versions 11.6.x through 11.9.x.
The database has been released in two flavors, SQL Server Enterprise Edition and Oracle Database Server (or Enterprise Edition), with Oracle Enterprise Edition offering better security features and support.
Oracle Database has been widely deployed since it was released in 2003.
An Oracle Enterprise edition database is an upgraded version of the database running on Oracle Server that is released for commercial and government customers.
Oracle Server is used to provide business software and cloud computing services.
It is a version of Oracle Database that is more secure and less prone to security vulnerabilities.
In recent years, Oracle has introduced new security measures to improve security, including a more robust authentication and encryption process.
Oracle has fixed several of the vulnerabilities and released updates that address some other known issues.
The most recent Oracle database security update for Oracle Database 10.6 was released on September 29.
Oracle Enterprise Security Advisory #1201096 for Oracle Enterprise Server (Oracle Enterprise Edition, or Oracle Enterprise) is issued by Oracle and is available at: https://support.oracle.com/en-us/article/index.aspx?topicId=1308855.
The advisory is available for download.
Oracle is not required to publish an advisory, but customers should update their software and databases to the latest security version.
Oracle recommends that customers install Oracle Database Security Update 2.5 or Oracle Database Advanced Security Update 5.1.
Customers can also upgrade their Oracle database through Oracle’s Oracle Enterprise Portal at https://go.oraconsoftware.com.
Oracle also publishes a comprehensive Oracle security advisory that covers the security vulnerabilities in all Oracle databases and versions.
Oracle security update FAQ Oracle Security Advisory: Oracle Security Bulletin #1201907.
Oracle Security Update: Oracle Database 5.6 (Oracle-related).
Oracle Security: Oracle Enterprise Update: Security update to Oracle Enterprise-level services and services for Oracle Enterprise Version 10.5.
Oracle Business Update: An update for customers who want to use Oracle Business Manager.
Oracle Bulletin: Oracle Bulletin #1228070.
Oracle Alert: Oracle Alert #1231314.
Oracle Information Security Advisory #113879.
Oracle Advisory: An Oracle Security Alert for Oracle Web Services 10.1-1.