Oracle Enterprise Manager SQL Injection

  • Published: 22 Jul 2011

CVE-2011-0876

Type

  • Oracle Enterprise Manager SQL Injection Advisory

Severity

  • Medium

Affected products

  • Oracle Enterprise Manager

Date

  • 2011-07-22

CVE Reference

  • CVE-2011-0876

The vulnerability exists because input supplied by external users is not validated, which allows a malicious user to attack the Enterprise Manager (EM) application and run arbitrary SQL against the database. This gives the attacker the opportunity to modify or glean potentially sensitive information, along with other potential attack scenarios, depending on the specific customer user and database permissions.