PT-2003-1142 · Peopletools · Application Messaging Gateway

Published

2003-02-07

Updated

2008-09-10

CVE-2002-1252

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Application Messaging Gateway for PeopleTools versions 8.1x through 8.18

Description The issue allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.

Recommendations For versions 8.1x through 8.18, update to version 8.19 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1252

Affected Products

Application Messaging Gateway

PT-2003-1142 · Peopletools · Application Messaging Gateway

CVE-2002-1252

Related Identifiers

Affected Products

References · 4