Remote Code Execution Vulnerability in Oracle Database Server and Enterprise Manager
CVE-2010-3600
Key Information:
- Vendor: Oracle
- CVE Published: 19 January 2011
Summary
An unspecified vulnerability in the Client System Analyzer component of Oracle Database Server 11.1.0.7 and 11.2.0.1, and of Enterprise Manager Grid Control 10.2.0.5, allows remote attackers to affect the confidentiality, integrity and availability of affected systems. The vendor has not specified the attack vector; the issue has been linked to an exposed JSP script that accepts XML uploads and is susceptible to NULL byte injection in an unspecified parameter, which could allow execution of arbitrary code. Administrators should apply the Oracle Critical Patch Update that addresses this issue and, until patched, restrict network access to the affected web interface.
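The summary points at a specific bug class: an upload handler that validates a client-supplied filename as a language-level string (which may contain a NUL character) while the native filesystem layer stops reading at the first NUL. The following is an added, generic illustration of that class with a hardened check alongside it. It is not Oracle's code and does not describe the actual Client System Analyzer implementation; the allowlist, filenames and the simulated native truncation are assumptions made for the example.

```python
"""
Generic illustration of NULL byte injection against an upload extension check.
Assumptions: an endpoint that only accepts '.xml' uploads, and a native file
layer that treats the name as a NUL-terminated C string (simulated below).
This is example code, not the affected product's code.
"""
import os
import re
import secrets

# Assumed allowlist for an XML upload endpoint.
ALLOWED_EXTENSIONS = {".xml"}

# Conservative filename grammar: letters, digits, dot, dash, underscore only.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def native_view(filename: str) -> str:
    """Simulates what a NUL-terminated native layer would receive.

    A Java/Python string 'report.jsp\\0.xml' reaches the OS as 'report.jsp'.
    """
    return filename.split("\0", 1)[0]


def vulnerable_check(filename: str) -> bool:
    """Extension check on the full string (the bug).

    os.path.splitext('report.jsp\\0.xml') yields '.xml', so the check passes,
    yet the file actually written would be 'report.jsp'.
    """
    _, ext = os.path.splitext(filename)
    return ext.lower() in ALLOWED_EXTENSIONS


def hardened_check(filename: str) -> bool:
    """Reject NUL and other control characters and any path syntax before
    looking at the extension, and check the extension of the name the OS
    would actually use."""
    if not filename:
        return False
    # NUL (0x00) and every other control character are rejected outright.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in filename):
        return False
    # Only a plain basename is acceptable: no separators, no '.' or '..'.
    if not SAFE_NAME.fullmatch(filename) or filename in (".", ".."):
        return False
    _, ext = os.path.splitext(native_view(filename))
    return ext.lower() in ALLOWED_EXTENSIONS


def safe_storage_name(filename: str) -> str:
    """Best practice: never store under the client-supplied name. Validate it,
    then generate a server-chosen random name with the validated extension."""
    if not hardened_check(filename):
        raise ValueError("rejected filename")
    _, ext = os.path.splitext(filename)
    return secrets.token_hex(16) + ext.lower()


def classify(filename: str) -> dict:
    """Side-by-side view of what each check decides and what the OS would write."""
    return {
        "vulnerable_accepts": vulnerable_check(filename),
        "hardened_accepts": hardened_check(filename),
        "os_would_write": native_view(filename),
    }


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    for name in ("report.xml", "report.jsp\0.xml", "../report.xml", "report.jsp"):
        print(repr(name), classify(name))
```

The point of `classify` is the divergence it exposes: for `'report.jsp\0.xml'` the vulnerable check answers yes while the simulated native layer would write `report.jsp`. The hardened check closes that gap by refusing control characters before any extension logic runs, and `safe_storage_name` removes the dependence on the client-supplied name altogether.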
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. Public PoC code is also a key input to weaponization, which can lead to mass exploitation, including ransomware campaigns.
References
EPSS Score
EPSS estimates a 75% probability of exploitation activity in the wild within the next 30 days.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved