Oracle Enterprise Manager SQL Injection

  • Published: 22 Jul 2011
  • Type: Oracle Enterprise Manager SQL Injection Advisory
  • Severity: Medium

Affected Products

Oracle Enterprise Manager

CVE

CVE-2011-0876

The vulnerability exists because input from external users is not validated, which allows a malicious user to attack the Enterprise Manager (EM) application and run arbitrary SQL against the database. This can give a user the opportunity to modify or glean potentially sensitive information, and can open up other attack scenarios, depending on the specific customer user and database permissions.