Various versions of Oracle products, including its database, application server and 11i E-Business Suite, are part of Tuesday's update, according to the company.
"A number of high-risk SQL injection and parameter manipulation security vulnerabilities in the Oracle E-Business Suite are corrected by the security patches released" Tuesday, said security company Integrigy, which produces tools for a number of enterprise applications from companies such as Oracle and PeopleSoft. "Customers with Internet-facing implementations of the Oracle E-Business Suite should consider applying these patches as soon as possible."
Chicago-based Integrigy added that "it is possible that an attacker with only a Web browser and a network connection (either internally or externally) to Oracle E-Business Suite Web application servers can execute malicious SQL statements in the database as the APPS database account."
Oracle's next update is scheduled for Oct. 18.