PT-2008-5323 · Oracle · Oracle Peoplesoft Enterprise+1

Published

2008-10-14

Updated

2018-10-11

CVE-2008-4000

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne versions 8.48.18 and 8.49.14

Description The issue affects confidentiality and integrity, potentially allowing remote attackers to bypass the lockout mechanism using brute force guessing of credentials. It may also involve a response discrepancy information leak when the password is correct.

Recommendations For versions 8.48.18 and 8.49.14, consider restricting access to sensitive areas of the application to minimize the risk of exploitation until a fix is available. As a temporary workaround, monitor login attempts closely to detect and prevent brute force attacks.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2008-4000

Affected Products

Jd Edwards Enterpriseone

Oracle Peoplesoft Enterprise

PT-2008-5323 · Oracle · Oracle Peoplesoft Enterprise+1

CVE-2008-4000

Related Identifiers

Affected Products

References · 7