漏洞类别:Local
漏洞等级: 
漏洞信息
Oracle's PeopleSoft applications are designed to address the most complex business requirements.
Multiple vulnerabilities were reported in Oracle PeopleSoft Products.
- Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PORTAL). Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. (CVE-2015-0453)
- Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. (CVE-2015-0472, CVE-2015-0487)
- Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. (CVE-2015-0496)
Affected Version
PeopleSoft Enterprise PeopleTools 8.53.00
PeopleSoft Enterprise PeopleTools 8.54.00
漏洞危害
Successful exploitation allows attacker to compromise the system.
解决方案
Newer version is available to download. For more information about this product or to check for new releases, go to the Oracle PeopleSoft Products.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论