Category:   Application (Generic)  >   Oracle PeopleSoft Products
Vendors:   Oracle
Oracle PeopleSoft Products Multiple Flaws Let Remote Authenticated Users Gain Elevated Privileges and Let Remote Users Access and Modify Data
SecurityTracker Alert ID:  1041891
SecurityTracker URL:  http://securitytracker.com/id/1041891
CVE Reference:   CVE-2018-3129, CVE-2018-3130, CVE-2018-3132, CVE-2018-3135, CVE-2018-3153, CVE-2018-3154, CVE-2018-3164, CVE-2018-3165, CVE-2018-3192, CVE-2018-3193, CVE-2018-3194, CVE-2018-3198, CVE-2018-3202, CVE-2018-3205, CVE-2018-3206, CVE-2018-3207, CVE-2018-3239, CVE-2018-3255, CVE-2018-3257, CVE-2018-3261, CVE-2018-3262, CVE-2018-3301
Date:  Oct 16 2018
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Oracle PeopleSoft Products. A remote authenticated user can gain elevated privileges. A remote user can access and modify data on the target system.

A remote authenticated user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Query component to gain elevated privileges [CVE-2018-3192].

A remote authenticated user can exploit a flaw in the PeopleSoft Enterprise PeopleTools SQR component to gain elevated privileges [CVE-2018-3165].

A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Activity Guide component to partially access and partially modify data [CVE-2018-3193, CVE-2018-3194].

A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Elastic Search component to partially access and partially modify data [CVE-2018-3164].

A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Fluid Core component to partially access and partially modify data [CVE-2018-3255].

A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools PIA Core Technology component to partially access and partially modify data [CVE-2018-3301, CVE-2018-3153, CVE-2018-3257].

A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Portal component to partially access and partially modify data [CVE-2018-3154, CVE-2018-3206, CVE-2018-3207].

A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Rich Text Editor component to partially access and partially modify data [CVE-2018-3132].

A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Workflow component to partially access and partially modify data [CVE-2018-3205].

A remote authenticated user can exploit a flaw in the PeopleSoft Enterprise Interaction Hub Application Portal component to partially access and partially modify data [CVE-2018-3130].

A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Integration Broker component to partially access data [CVE-2018-3239, CVE-2018-3261].

A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Performance Monitor component to partially access data [CVE-2018-3202].

A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Portal component to partially access data [CVE-2018-3198, CVE-2018-3135].

A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Stylesheet component to partially modify data [CVE-2018-3262].

A remote user can exploit a flaw in the PeopleSoft Enterprise PeopleTools Portal component to partially modify data [CVE-2018-3129].

Giulio Comi of Horizon Security, Jon King of OPNAV N1, US Navy, and Lukasz Mikula reported these vulnerabilities.

Impact:   A remote user can obtain data on the target system.

A remote user can modify data on the target system.

A remote authenticated user can gain elevated privileges on the target system.

Solution:   The vendor has issued a fix as part of the Oracle Critical Patch Update Advisory - October 2018.

The vendor advisory is available at:

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Vendor URL:  www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.
