A security research firm has reported details of six vulnerabilities in products from Oracle that were not fixed in the supplier’s last round of patches.
Oracle last week issued fixes for almost 50 vulnerabilities in its products as part of its quarterly patching cycle, but Red-Database-Security has published details of additional flaws in Oracle Reports, Oracle Forms and other Oracle software.
The security company said it had warned Oracle of the security holes around two years ago and published details after growing impatient over a lack of action by Oracle.
Along with details of the threats, the security company provided users with workarounds to stop attackers exploiting the vulnerabilities.
Red-Database-Security described three of the bugs as “high risk”. One allows an attacker to overwrite files in Oracle Application Server, of which Oracle Reports is a component.
Red-Database-Security said Oracle had acknowledged the threats. Oracle is considering whether to issue patches in the future.
More details of the potential vulnerabilities can be found at: