19 Jul 2012
Oracle Portal 11.x
Manipulation of data
This includes vulnerabilities where a user or a remote attacker can manipulate local data on a system, but not necessarily be able to gain escalated privileges or system access.
The most frequent type of vulnerabilities with this impact are SQL-injection vulnerabilities, where a malicious user or person can manipulate SQL queries.
A vulnerability has been reported in Oracle Portal, which can be exploited by malicious people to manipulate certain data.
The vulnerability is caused due to an unspecified error and can be exploited to manipulate certain Portal accessible data.
The vulnerability is reported in version 11.1.
Apply updates (please see the vendor's advisory for details).
It is currently unclear who reported this vulnerability as the Oracle Critical Patch Update for July 2012 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.