SQL Injection Vulnerability in Oracle Database's Advanced Queuing Component
CVE-2009-0992

Currently unrated

Key Information:

Vendor: Oracle
Status: Database 10g; Database 11g
Vendor: CVE Published:; 15 April 2009

Summary

A vulnerability exists in the Advanced Queuing component of Oracle Database, allowing remote authenticated users to potentially impact data confidentiality and integrity via SQL injection. Specifically related to the DBMS_AQIN package, this vulnerability may permit unauthorized actions against queued messages, which could compromise the database's secure operations. Despite OE's silence on the SQL injection nature of this issue, it raises issues warranting urgent attention to safeguard database environments.

References

http://www.securityfocus.com/bid/34461

vdb-entryx_refsource_BID

http://secunia.com/advisories/34693

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/archive/1/502723/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Apr 15, 2009
Vulnerability Reserved
Mar 19, 2009