PT-2017-11339 · Oracle · Peoplesoft Enterprise Peopletools
Published
2017-10-19
·
Updated
2019-10-03
·
CVE-2017-10362
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Oracle PeopleSoft Products version 8.54
Oracle PeopleSoft Products version 8.55
Oracle PeopleSoft Products version 8.56
Description
The issue allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools, potentially impacting additional products. Successful attacks can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service of PeopleSoft Enterprise PeopleTools.
Recommendations
For version 8.54, update to a fixed version to mitigate the risk.
For version 8.55, update to a fixed version to mitigate the risk.
For version 8.56, update to a fixed version to mitigate the risk.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Peoplesoft Enterprise Peopletools