漏洞类别:Local
漏洞等级: 
漏洞信息
Oracle's PeopleSoft applications are designed to address the most complex business requirements.
Multiple vulnerabilities were reported in Oracle PeopleSoft Products.
- Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PeopleSoft-VM). Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
- Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools.
- Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.
Affected Version
PeopleSoft Enterprise PeopleTools prior to 8.53.24
PeopleSoft Enterprise PeopleTools prior to 8.54.13
漏洞危害
Successful exploitation allows attacker to compromise the system.
解决方案
Newer version is available to download. For more information about this product or to check for new releases, go to the Oracle PeopleSoft Products.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论