PT-2019-1231 · Oracle · Peoplesoft Enterprise Peopletools+1
Published
2019-01-16
·
Updated
2020-08-24
·
CVE-2019-2433
CVSS v2.0
8.3
High
| Vector | AV:N/AC:L/Au:M/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Oracle PeopleSoft Products version 8.55
Oracle PeopleSoft Products version 8.56
Oracle PeopleSoft Products version 8.57
Description
The issue is related to insufficient access control in the XML Publisher component of Oracle PeopleSoft Products, allowing a high-privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks can result in the takeover of PeopleSoft Enterprise PeopleTools.
Recommendations
For version 8.55, update the XML Publisher component to address the insufficient access control issue.
For version 8.56, update the XML Publisher component to address the insufficient access control issue.
For version 8.57, update the XML Publisher component to address the insufficient access control issue.
As a temporary workaround, consider restricting access to the XML Publisher component to minimize the risk of exploitation.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Peoplesoft Products
Peoplesoft Enterprise Peopletools