PT-2017-15982 · Oracle · Peoplesoft Enterprise Peopletools
Nadya Krivdyuk
·
Published
2017-04-24
·
Updated
2026-06-13
·
CVE-2017-3548
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
PeopleSoft Enterprise PeopleTools versions 8.54 and 8.55
Description
An issue exists in the Integration Broker subcomponent of PeopleSoft Enterprise PeopleTools. An unauthenticated attacker with network access via HTTP can compromise the system. Successful exploitation may lead to unauthorized read access to a subset of accessible data and the ability to cause a partial denial of service (DOS), which is a condition where the system becomes partially unavailable to its intended users.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Peoplesoft Enterprise Peopletools