Oracle Enterprise Manager SQL Injection
The vulnerability exists due to a lack of input validation from external users which will allow a malicious user to attack the Enterprise Manager (EM) application and run arbitrary SQL against the database. This can provide a user the opportunity to modify or glean potentially sensitive information as well as other potential attack scenarios, dependant on the specific customer user and database permissions.