Description

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.

Remediation

References

CVE-2002-0564

Related Vulnerabilities

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Unspecified Vulnerability (1.7.56)

Oracle Database Server SYS Account privilege issue (CVE-2021-2000)

WordPress Plugin Online Lesson Booking Multiple Vulnerabilities (0.8.6)

Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.9.4)

MySQL CVE-2021-35618 Vulnerability (CVE-2021-35618)

Severity

High

Classification

CVE-2002-0564

Tags

Missing Update Known Vulnerabilities