CVE-2008-4000

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne versions 8.48.18 and 8.49.14

Description The issue affects confidentiality and integrity, potentially allowing remote attackers to bypass the lockout mechanism using brute force guessing of credentials. It may also involve a response discrepancy information leak when the password is correct.

Recommendations For versions 8.48.18 and 8.49.14, consider restricting access to sensitive areas of the application to minimize the risk of exploitation until a fix is available. As a temporary workaround, monitor login attempts closely to detect and prevent brute force attacks.