Unrated severityNVD Advisory· Published Apr 15, 2009· Updated Apr 23, 2026

CVE-2009-0981

Description

Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement.

Affected products

Oracle Corporation/Database 11g
cpe:2.3:a:oracle:database_11g:11.1.0.7:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.us-cert.gov/cas/techalerts/TA09-105A.htmlnvdUS Government Resource
osvdb.org/53738nvd
secunia.com/advisories/34693nvd
www.oracle.com/technetwork/topics/security/cpuapr2009-099563.htmlnvd
www.red-database-security.com/advisory/apex_password_hashes.htmlnvd
www.securityfocus.com/archive/1/502724/100/0/threadednvd
www.securityfocus.com/bid/34461nvd
www.securitytracker.com/idnvd
www.exploit-db.com/exploits/8456nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.026
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000