CVE-2017-10061

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft Products version 8.54 Oracle PeopleSoft Products version 8.55

Description The issue affects the PeopleSoft Enterprise PeopleTools component, specifically the Integration Broker subcomponent. It allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks can result in unauthorized access to data, including update, insert, or delete access to some data, and read access to a subset of data. Additionally, attacks can cause a partial denial of service.

Recommendations For version 8.54, update to a fixed version to resolve the issue. For version 8.55, update to a fixed version to resolve the issue. As a temporary workaround, consider restricting access to the Integration Broker subcomponent to minimize the risk of exploitation.