SecurityTracker.com

SecurityTracker Archives

Category:   Application (E-mail Server)  >   Microsoft Exchange
Vendors:   Microsoft
(Microsoft Issues Fix for Exchange Server) Oracle PeopleSoft Products Bugs Let Remote Users Partially Access and Modify Data and Partially Deny Service
SecurityTracker Alert ID:  1028904
SecurityTracker URL:  http://securitytracker.com/id/1028904
CVE Reference:   CVE-2013-3776, CVE-2013-3781
Updated:  Aug 28 2013
Original Entry Date:  Aug 13 2013
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): Exchange Server 2007 SP3, 2010 SP2, 2010 SP3, 2013 CU1, 2013 CU2
Description:   Multiple vulnerabilities were reported in Oracle PeopleSoft Products. A remote user can partially access and modify data on the target system. A remote user can cause partial denial of service conditions. Microsoft Exchange Server is affected by two vulnerabilities.

A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Business Interlinks component to partially access and modify data on the target system [CVE-2013-3800].

A remote user can partially access data or partially deny service. The PeopleSoft Enterprise PeopleTools Integration Broker [CVE-2013-3821] and Mobile Applications [CVE-2013-3819] components are affected.

A remote authenticated user can exploit a flaw in the PeopleSoft Enterprise HRMS Time and Labor component to partially access and modify data [CVE-2013-3784].

A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Business Interlink component to partially deny service [CVE-2013-3820].

A remote user can partially modify data on the target system. The PeopleSoft Enterprise PeopleTools PIA Core Technology [CVE-2013-3761], PIA Search Functionality [CVE-2013-3759], Portal [CVE-2013-3818], and Rich Text Editor [CVE-2013-3768] components are affected.

A remote authenticated user can exploit a flaw in the PeopleSoft Enterprise Portal Saved Search component to partially access data on the target system [CVE-2013-3780].

The following researchers reported these and other Oracle product vulnerabilities:

Adam Willard of Foreground Security; Alexey Tyurin of ERPScan (Digital Security Research Group); Andrea Micalizzi aka rgod, working with HP's Zero Day Initiative; Ari Rubinstein of Salesforce.com; Balint Varga-Perke of Silent Signal LLC; Borked of the Google Security Team; David Hoyt; Esteban Martinez Fayo of Application Security, Inc.; Guy Lichtman of McAfee Security Research; Joonas Kuorilehto of Codenomicon; Masashi Shiraishi of JPCERT/CC Vulnerability Handling Team; Michael Schaefer of Schutzwerk GmbH; Nicolas Grégoire of HP's Zero Day Initiative; Peter Babel of Schutzwerk GmbH; Richard Warren of NCC Group; Rohan Stelling of BAE Systems Detica; Takahiro Haruyama of Internet Initiative Japan Inc. via JPCERT/CC; and Travis Emmert via iDefense.

Impact:   A remote user can partially access and modify data on the target system.

A remote user can cause partial denial of service conditions.

Solution:   Microsoft has issued a fix for CVE-2013-3776 and CVE-2013-3781 for Exchange Server.

Microsoft Exchange Server 2007 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=4a600fae-7e10-4a96-9f39-c1e90365086d

Microsoft Exchange Server 2010 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=88c04e81-365b-48b0-9e11-fd9533fac364

Microsoft Exchange Server 2010 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=75a59791-395c-4352-886a-ae4966dd309a

Microsoft Exchange Server 2013 Cumulative Update 1:

http://www.microsoft.com/downloads/details.aspx?familyid=24adc6bc-ad05-44a7-91b3-84812834a18c

Microsoft Exchange Server 2013 Cumulative Update 2:

http://www.microsoft.com/downloads/details.aspx?familyid=74e61c7a-ffa0-4524-86a2-6c613529a775

[Editor's note: On August 27, 2013, Microsoft updated their advisory to re-offer the 2874216 update for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2.]

The Microsoft advisory is available at:

http://technet.microsoft.com/en-us/security/bulletin/ms13-061

Vendor URL:  www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
Cause:   Not specified
Underlying OS:  Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 17 2013 Oracle PeopleSoft Products Bugs Let Remote Users Partially Access and Modify Data and Partially Deny Service



 Source Message Contents



[Original Message Not Available for Viewing]



Copyright 2021, SecurityGlobal.net LLC