Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne Bugs Let Remote Users Access and Modify Data - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Oracle PeopleSoft Products

Vendors: Oracle

Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne Bugs Let Remote Users Access and Modify Data

SecurityTracker Alert ID: 1021055

SecurityTracker URL: http://securitytracker.com/id/1021055

CVE Reference: CVE-2008-4000, CVE-2008-4001, CVE-2008-4002, CVE-2008-4003, CVE-2008-4004 (Links to External Site)

Date: Oct 14 2008

Impact: Disclosure of user information, Modification of user information

Fix Available: Yes Vendor Confirmed: Yes

Description: A vulnerability was reported in Oracle PeopleSoft Enterprise, JD Edwards EnterpriseOne, and PeopleTools. A remote or local user can access and modify data on the target system.

A remote or local user can exploit several unspecified vulnerabilities to affect the confidentiality and integrity of data on the target system.

No details were provided.

The PeopleTools [CVE-2008-4000, CVE-2008-4002, CVE-2008-4003], PeopleSoft Enterprise Portal [CVE-2008-4001], and JDE EnterpriseOne Business Service Server [CVE-2008-4004] components are affected.

The following researchers reported these and other Oracle vulnerabilities:

Esteban Martinez Fayo of Application Security, Inc.; Pete Finnigan; Tony Fogarty of DNV; guyp of Sentrigo; Jack Kanter of Integrigy; Joxean Koret; Alexander Kornbrust of Red Database Security; Slavik Markovich of Sentrigo; Amichai Shulman of Imperva, Inc.; and Chris Valasek of IBM Corp.

Impact: A remote or local user can access and modify data on the target system.

Solution: The vendor has issued a fix, described in their October 2008 Critical Patch Update advisory.

The Oracle advisory is available at:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html

Vendor URL: www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html (Links to External Site)

Cause: Not specified

Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003)

Message History: None.

Source Message Contents

Date: Tue, 14 Oct 2008 08:03:42 -0400
Subject: Oracle PeopleSoft Enterprise PeopleTools


http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC