PT-2019-1188 · Oracle · Peoplesoft Enterprise Peopletools
Publicado
2019-01-15
·
Atualizado
2020-08-24
·
CVE-2019-2416
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Oracle PeopleSoft Products version 8.55
Oracle PeopleSoft Products version 8.56
Oracle PeopleSoft Products version 8.57
Description
The issue is related to insufficient access control in the PeopleSoft Enterprise PeopleTools component, specifically the Application Server subcomponent. This allows a low-privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools, potentially resulting in a takeover. The vulnerability can be easily exploited.
Recommendations
For version 8.55, update to a fixed version to resolve the issue.
For version 8.56, update to a fixed version to resolve the issue.
For version 8.57, update to a fixed version to resolve the issue.
As a temporary workaround, consider restricting access to the Application Server component until a patch is available.
Correção
Improper Access Control
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Peoplesoft Enterprise Peopletools