Remote Code Execution Vulnerability in Oracle Database Server and Enterprise Manager
CVE-2010-3600


Key Information:

Vendor
Oracle
CVE Published:
19 January 2011

Badges

👾 Exploit exists · 🟡 Public PoC · 🟣 EPSS 75%

Summary

An unspecified vulnerability in the Client System Analyzer component of Oracle Database Server versions 11.1.0.7 and 11.2.0.1, and of Enterprise Manager Grid Control version 10.2.0.5, allows remote attackers to compromise the confidentiality, integrity, and availability of affected systems. Oracle's advisory does not describe the attack vector. Independent researchers have linked the issue to an exposed JSP script that accepts XML uploads, combined with a NULL byte injected into an unspecified parameter; the NULL byte would truncate the stored file name past the point where the extension is checked, so an attacker could write a file of an arbitrary type and execute code as the server process. Oracle has not confirmed this account. Administrators should apply the fixes from the Oracle Critical Patch Update that published this CVE (January 2011) and restrict network access to the Enterprise Manager console until they have done so.
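The NULL-byte extension bypass that the summary points to, shown as an added example for this page rather than code from Oracle or from the public PoC. The `.xml` allow-list, the file and endpoint names, the `native_path` helper that models an older native I/O layer truncating a path at its first NUL byte, and the sample log lines are all illustrative assumptions, not the actual Client System Analyzer script or parameter names.

```python
import os
import re
from typing import List, Optional
from urllib.parse import unquote

# Assumption for the example: the upload handler only intends to accept XML.
ALLOWED_EXTENSIONS = {".xml"}


def native_path(name: str) -> str:
    """Simulate a C-string based file layer: everything after the first NUL is dropped.

    Older JVMs behaved this way when a Java String with an embedded NUL reached the
    native open() call. Current JVMs and Python refuse such paths, so the truncation
    is modelled here instead of performed on disk.
    """
    nul = name.find("\x00")
    return name if nul < 0 else name[:nul]


def vulnerable_accept(upload_name: str) -> Optional[str]:
    """Weak handler: validate the extension of the full string, then let the
    (simulated) native layer decide what is actually written.

    Returns the path that would be created, or None if rejected.
    """
    if os.path.splitext(upload_name)[1].lower() not in ALLOWED_EXTENSIONS:
        return None
    return native_path(upload_name)


def hardened_accept(upload_name: str) -> Optional[str]:
    """Hardened handler: reject control characters and path separators first, then
    check the extension on the bare file name that will really be written."""
    if "\x00" in upload_name or not upload_name.isprintable():
        return None
    base = os.path.basename(upload_name.replace("\\", "/"))
    if base in ("", ".", "..") or base != upload_name:
        return None  # directory components or traversal attempt
    if not re.fullmatch(r"[A-Za-z0-9_.-]{1,64}", base):
        return None
    if os.path.splitext(base)[1].lower() not in ALLOWED_EXTENSIONS:
        return None
    return base


# Constructed common-log-format lines for the detection check below; the
# /app/upload.jsp path is a placeholder, not the real CSA endpoint.
SAMPLE_LOG = [
    '10.0.0.5 - - [19/Jan/2011:10:00:01 +0000] "POST /app/upload.jsp?name=report.xml HTTP/1.1" 200 512',
    '10.0.0.9 - - [19/Jan/2011:10:00:07 +0000] "POST /app/upload.jsp?name=cmd.jsp%00.xml HTTP/1.1" 200 512',
    '10.0.0.9 - - [19/Jan/2011:10:00:09 +0000] "GET /app/cmd.jsp HTTP/1.1" 200 64',
]


def flag_nul_uploads(log_lines: List[str]) -> List[str]:
    """Return request targets whose percent-decoded form contains a NUL byte.

    Only the request-line field is inspected; a NUL carried in a POST body would
    need the body logged or a WAF rule instead.
    """
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST|PUT) (\S+) HTTP/', line)
        if m and "\x00" in unquote(m.group(1)):
            hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    print("vulnerable:", vulnerable_accept("cmd.jsp\x00.xml"))
    print("hardened:  ", hardened_accept("cmd.jsp\x00.xml"))
    print("log hits:  ", flag_nul_uploads(SAMPLE_LOG))
```

The weak handler is wrong not because `.xml` is a bad allow-list but because it validates a different string than the one the file system receives; the hardened handler refuses anything that could be interpreted differently by a lower layer before it looks at the extension. The log check is a cheap retrospective hunt for the same pattern in web server access logs.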

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. A public PoC is also the usual starting point for weaponization into a reliable exploit, including use by ransomware operators.

EPSS Score

EPSS estimates a 75% probability that this vulnerability is exploited in the wild within the next 30 days.

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published (19 January 2011)
  • Vulnerability reserved