Oracle warns of exploits for latest DB flaws

Oracle Corp. is warning customers to apply software patches it released in August, citing the availability of malicious code that can exploit unpatched vulnerabilities in its software.

The company acknowledged in a recent security alert describing the vulnerabilities that it has received notification that there are published exploits for “some of the issues” addressed in the alert. The company did not provide information about the exploits.

Oracle did not immediately respond to a request for comment on the reported exploits.

The security holes affect a number of Oracle products, including versions of its 8i, 9i and 10g Database, Application Server and Enterprise Manager software, according to a bulletin posted by Oracle on Aug. 31, which also released a patch for the vulnerabilities.

The exposure for vulnerabilities in Oracle’s Database Server and Application Server was described as “high” because attackers could take advantage of the flaws with network access, but without a valid user account and password. The hole in Enterprise Manager was rated a “medium” risk, because attackers would need both access to the network running the Enterprise Manager and a valid operating system user account on the machine running Enterprise Manager, Oracle said.

In September, the U.S. government’s Computer Emergency Response Team issued an alert about the flaws, noting that they could be used to shut down or take control of vulnerable systems running the software or to corrupt or steal data from the Oracle databases.

Oracle strongly recommends affected customers apply the software patches “without delay.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now