Oracle Application Server/E-Business Suite Product Forms Component SQL Injection
Local Access Required,
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
Oracle Application Server and E-Business Suite contain a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the Query/Where component of the Forms module allowing input which is not properly sanitized and may allow an attacker to inject or manipulate SQL queries.
Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability.