Oracle PeopleSoft Product Multiple Vulnerabilites.——漏洞银行丨0DAY BANK

Oracle's PeopleSoft applications are designed to address the most complex business requirements.

Multiple vulnerabilities were reported in Oracle PeopleSoft Products. A remote user can access data on the target system. A remote user can modify data on the target system.
A remote authenticated user can exploit a flaw in the PeopleSoft Enterprise SCM Purchasing Supplier Change component to partially access and partially modify data [CVE-2016-0591].
A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Fluid Homepage and NavBar component to partially modify data [CVE-2016-0460].
A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Multichannel Framework component to partially access data [CVE-2016-0471].
A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Portal component to partially access data [CVE-2016-0463].
A remote user can exploit a flaw in the PeopleSoft Enterprise SCM Order Management Security component to partially modify data [CVE-2016-0590].
A remote authenticated user can exploit a flaw in the PeopleSoft Enterprise HCM Global Payroll Switzerland Security component to partially access data [CVE-2016-0409].
A remote authenticated user can exploit a flaw in the PeopleSoft Enterprise PeopleTools File Processing component to partially access data [CVE-2016-0587].
A remote authenticated user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Multichannel Framework component to partially access data [CVE-2016-0462].
A remote authenticated user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Fluid Core component to partially modify data [CVE-2016-0473].
A remote authenticated user can exploit a flaw in the PeopleSoft Enterprise PeopleTools PIA Core Technology component to partially modify data [CVE-2016-0474].
A remote authenticated user can exploit a flaw in the PeopleSoft Enterprise SCM eProcurement Manage Requisition Status component to partially modify data [CVE-2016-0412].

Affected Version
PeopleSoft Enterprise SCM Purchasing v9.1,9.2
PeopleSoft Enterprise PeopleTools v8.53,8.54,8.55
PeopleSoft Enterprise SCM Order Management v9.1,9.2
PeopleSoft Enterprise HCM Global Payroll Switzerland v9.1,9.2
PeopleSoft Enterprise SCM eProcurement v9.1,9.2

A remote user can obtain data on the target system.
A remote user can modify data on the target system.

Newer version is available to download . For more information about this product or to check for new releases, go to theOracle PeopleSoft Products.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

cpujan2016-2367955: Linux