CVE-2003-0950

Name of the Vulnerable Software and Affected Versions PeopleSoft PeopleTools versions 8.1x through 8.4x

Description The issue allows remote attackers to execute arbitrary commands. This is achieved by uploading a file to the IClient Servlet and guessing the insufficiently random name of the directory used to store the file, which is based on system time. The attacker can then directly request the uploaded file.

Recommendations For versions 8.1x through 8.4x, consider restricting access to the IClient Servlet to minimize the risk of exploitation. As a temporary workaround, limit the ability to upload files to the servlet until a fix is available.