PT-2017-11343 · Oracle · Peoplesoft Enterprise Peopletools

Vahagn Vardanyan

Published

2017-10-19

Updated

2019-10-03

CVE-2017-10366

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PT PeopleTools versions 8.54 through 8.56

Description The issue allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools, potentially resulting in a takeover. The attacker can exploit this issue easily.

Recommendations For versions 8.54 through 8.56, update to a version that contains a fix for this issue to prevent exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-10366

Affected Products

Peoplesoft Enterprise Peopletools

PT-2017-11343 · Oracle · Peoplesoft Enterprise Peopletools

CVE-2017-10366

Related Identifiers

Affected Products

References · 7