Some Oracle databases have what experts say is a serious flaw in the login system that a hacker can use to retrieve and change stored data. The flaw, in Oracle Database 11g Releases 1 and 2, leaves the token that is provided by the server before authentication is completed open to a brute-force attack. If successful, an attacker can gain access to the database. Oracle has patched the flaw, but is not planning a patch for the flawed version, 11.1, researcher Esteban Martinez Fayo says.”]
Source: https://www.csoonline.com/article/2132253/oracle-database-flaw-deemed-serious–could-expose-data.html