CVE-2018-3239

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PeopleTools versions 8.55 through 8.56

Description The issue is related to inadequate access control in the Integration Broker component of Oracle PeopleSoft Enterprise PeopleTools. This can be exploited by a remote attacker to gain unauthorized access to data using the HTTP protocol. Successful attacks may result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

Recommendations For versions 8.55 and 8.56, update to a version that includes fixes for the inadequate access control in the Integration Broker component to prevent unauthorized access. As a temporary workaround, consider restricting access to the Integration Broker component until a patch is available.