PT-2019-1188 · Oracle · Peoplesoft Enterprise Peopletools
Published
2019-01-15
·
Updated
2020-08-24
·
CVE-2019-2416
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Oracle PeopleSoft Products version 8.55
Oracle PeopleSoft Products version 8.56
Oracle PeopleSoft Products version 8.57
Description
The issue is related to insufficient access control in the PeopleSoft Enterprise PeopleTools component, specifically the Application Server subcomponent. This allows a low-privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools, potentially resulting in a takeover. The vulnerability can be easily exploited.
Recommendations
For version 8.55, update to a fixed version to resolve the issue.
For version 8.56, update to a fixed version to resolve the issue.
For version 8.57, update to a fixed version to resolve the issue.
As a temporary workaround, consider restricting access to the Application Server component until a patch is available.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Peoplesoft Enterprise Peopletools