Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-345,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| allroundautomations | pl/sql_developer | 11.0.2 |
| allroundautomations | pl/sql_developer | 11.0.4 |
| allroundautomations | pl/sql_developer | 11.0 |
| allroundautomations | pl/sql_developer | 11.0.5 |
| allroundautomations | pl/sql_developer | 11.0.3 |
| allroundautomations | pl/sql_developer | 11.0.1 |