Various versions of Oracle products, including its database, application server and 11i E-Business Suite, are part of Tuesday's update, according to the company.
"A number of high-risk SQL injection and parameter manipulation security vulnerabilities in the Oracle E-Business Suite are corrected by the security patches released" Tuesday, said security company Integrigy, which produces tools for a number of enterprise applications from companies such as Oracle and PeopleSoft. "Customers with Internet-facing implementations of the Oracle E-Business Suite should consider applying these patches as soon as possible."
Chicago-based Integrigy added that "it is possible that an attacker with only a Web browser and a network connection (either internally or externally) to Oracle E-Business Suite Web application servers can execute malicious SQL statements in the database as the APPS database account."
Oracle's next update is scheduled for Oct. 18.
Renai LeMay of ZDNet Australia reported from Sydney.