17 Oct 2012
Oracle Secure Global Desktop 4.x
Manipulation of data
This includes vulnerabilities where a user or a remote attacker can manipulate local data on a system, but not necessarily be able to gain escalated privileges or system access.
The most frequent type of vulnerabilities with this impact are SQL-injection vulnerabilities, where a malicious user or person can manipulate SQL queries.
A vulnerability has been reported in Oracle Secure Global Desktop, which can be exploited by malicious people to manipulate certain data.
The vulnerability is caused due to an unspecified error and can be exploited to update, insert, or delete certain data via HTTP.
The vulnerability is reported in version 4.6.
Apply updates (please see the vendor's advisory for details).
It is currently unclear who reported this vulnerability as the Oracle Critical Patch Update for October 2012 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.