Vulnerability Note: VU#891644
Title: Oracle Database XML Database SQL Injection vulnerability
Original Release Date: 2006-01-25
Last Revised: 2006-01-27

Overview
Oracle Database XML Database (XML DB) is vulnerable to SQL injection, allowing remote attackers to execute arbitrary SQL commands.

Impact
Remote attackers may execute SQL queries on a server with elevated privileges, potentially viewing or modifying Oracle database contents.

Solution
Apply patches in the Oracle Critical Patch Update for January 2006.

CVSS Metrics
Severity Metric: 5.91

CVE ID
CVE-2006-0272

References
Oracle Critical Patch Update
Oracle XML Database Documentation
Red-Database-Security Advisory
Integrigy Security Analysis