Oracle WebLogic Server Node Manager 'beasvc.exe' Remote Command Execution Vulnerability

Published: 2010-02-14 11:35:00
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type:
Vendor Patch

Detection Type:
Remote Banner Unreliable

Recommendations:
Vendor updates are available. Please see the vendor advisory for details.

Summary:
Oracle WebLogic Server is prone to a remote command-execution vulnerability because the software fails to restrict access to sensitive commands. Successful attacks can compromise the affected software and possibly the computer. Oracle WebLogic Server 10.3.2 is vulnerable, other versions may also be affected.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2010-0073

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/37926

References:

http://www.securityfocus.com/bid/37926
http://intevydis.blogspot.com/2010/01/oracle-weblogic-1032-node-manager-fun.html
http://blogs.oracle.com/security/2010/02/security_alert_for_cve-2010-00.html
http://www.oracle.com/technology/products/weblogic/index.html
http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html

Search
Severity
High
CVSS Score
10.0

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.