Thousands of customers in Fortune 500 enterprises are urged to patch or upgrade to remedy a security issue in BEA Tuxedo Administration Console. A problem with processing input arguments can allow denial of service, disclosure of file system information or cross-site scripting.
BEA Tuxedo provides middleware for building scalable enterprise applications in heterogeneous, distributed environments. The BEA Tuxedo administration console is a CGI application for remote administration of Tuxedo functions.
Vulnerable versions include BEA Tuxedo 8.1 and prior. A patch is available for Tuxedo 8.1, and previous versions should be upgraded to 8.1.