CVE-2019-2433

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft Products version 8.55 Oracle PeopleSoft Products version 8.56 Oracle PeopleSoft Products version 8.57

Description The issue is related to insufficient access control in the XML Publisher component of Oracle PeopleSoft Products, allowing a high-privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks can result in the takeover of PeopleSoft Enterprise PeopleTools.

Recommendations For version 8.55, update the XML Publisher component to address the insufficient access control issue. For version 8.56, update the XML Publisher component to address the insufficient access control issue. For version 8.57, update the XML Publisher component to address the insufficient access control issue. As a temporary workaround, consider restricting access to the XML Publisher component to minimize the risk of exploitation.