Oracle Job Scheduler Named Pipe Command Execution Vulnerability

  Severity: HIGH

  DESCRIPTION

An arbitrary command execution vulnerability exists in Oracle Job Scheduler. The Job Scheduler is implemented via the component extjob.exe which listens on a named pipe called "orcljsex" and execute arbitrary commands received over this channel via CreateProcess(). In order to connect to the Named Pipe remotely, SMB access is required.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1007699

Featured Stories