Oracle Products Exposed To Hackers

The most severe vulnerabilities give hackers the opportunity to execute any command they please, according to the alert issued by the Redwood Shores, Calif.-based software vendor.

Oracle has rated the mass security threat to its products at Level 1 severity, a rating that Oracle defines as: "The vulnerability is high risk and requires little specialized knowledge to exploit. Apply the patch and/or workaround to the affected products with the highest priority.

"There are no workarounds that fully address the security vulnerabilities that are the subject of this alert. Oracle strongly recommends that customers apply the available patches without delay," the alert states.

Oracle's menu of Database Server products, Application Server software and Enterprise Manager software nearly all contain some form of vulnerability. Oracle's Collaboration Suite and E-Business Suite 11i also contain vulnerable code and could be hacked, according to Oracle.

The vendor announced that only three of its supported products are free from all immediate threats--Oracle Database 10g Release 1, version 10.1.0.3; Oracle Enterprise Manager Grid Control 10g, version 10.1.0.3 (not yet available); and Oracle Application Server 10g (9.0.4), version 9.0.4.2 (not yet available).

Patch availability information can be found within Oracle's security alert.