Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

peoplesoft_enterprise_pt_peopletools

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

7
Related CVEsRelated VendorsRelated AssignersReports
7Vulnerabilities found
CVE-2021-2408
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-6.1||MEDIUM
EPSS-0.58% / 67.98%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:44
Updated-26 Sep, 2024 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Notification Configuration). The supported version that is affected is 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_pt_peopletoolsPeopleSoft Enterprise PT PeopleTools
CVE-2021-2218
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-8.3||HIGH
EPSS-0.53% / 66.20%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Health Center). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_pt_peopletoolsPeopleSoft Enterprise PT PeopleTools
CVE-2020-13956
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 65.15%
||
7 Day CHG~0.00%
Published-02 Dec, 2020 | 16:20
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Action-Not Available
Vendor-quarkusn/aNetApp, Inc.The Apache Software FoundationOracle Corporation
Product-communications_cloud_native_core_service_communication_proxypeoplesoft_enterprise_peopletoolsprimavera_unifierquarkusjd_edwards_enterpriseone_orchestratorhttpclientactive_iq_unified_managerjd_edwards_enterpriseone_toolssnapcenterpeoplesoft_enterprise_pt_peopletoolsweblogic_servernosql_databasesql_developerspatial_studiocommerce_guided_searchretail_customer_management_and_segmentation_foundationdata_integratorApache HttpClient
CVE-2017-18640
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.17% / 83.63%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 00:00
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

Action-Not Available
Vendor-snakeyaml_projectquarkusn/aOracle CorporationFedora Project
Product-snakeyamlfedorapeoplesoft_enterprise_pt_peopletoolsquarkusn/a
CWE ID-CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2019-12402
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.99%
||
7 Day CHG-0.01%
Published-29 Aug, 2019 | 00:00
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

Action-Not Available
Vendor-The Apache Software FoundationFedora ProjectOracle Corporation
Product-flexcube_investor_servicingprimavera_gatewaycommunications_ip_service_activatorcommunications_session_route_managerflexcube_private_bankingretail_integration_busbanking_platformcommunications_session_report_managerpeoplesoft_enterprise_pt_peopletoolsbanking_paymentsessbasefedorajdeveloperretail_xstore_point_of_servicecustomer_management_and_segmentation_foundationcommons_compresshyperion_infrastructure_technologycommunications_element_managerwebcenter_portalApache Commons Compress
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-10086
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-7.3||HIGH
EPSS-0.26% / 49.33%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 20:10
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.openSUSEFedora ProjectDebian GNU/LinuxOracle Corporation
Product-enterprise_linux_servercommunications_metasolv_solutionhospitality_reporting_and_analyticspeoplesoft_enterprise_peopletoolscommunications_billing_and_revenue_management_elastic_charging_enginecommunications_cloud_native_core_consolejd_edwards_enterpriseone_orchestratorenterprise_linux_server_auscommunications_network_integrityprimavera_gatewayretail_back_officeretail_central_officebanking_platformagile_plmretail_merchandising_systemcommunications_performance_intelligence_centercommunications_cloud_native_core_policyretail_point-of-servicepeoplesoft_enterprise_pt_peopletoolsblockchain_platformcommunications_cloud_native_core_unified_data_repositoryhealthcare_foundationservice_busenterprise_linux_workstationfedoracommunications_design_studiocustomer_management_and_segmentation_foundationenterprise_linux_euscommunications_evolved_communications_application_serverretail_price_managementcommunications_unified_inventory_managementapplication_testing_suiteenterprise_linux_desktopcommunications_convergencefusion_middlewareretail_advanced_inventory_planningretail_predictive_application_serverleapcommunications_billing_and_revenue_managemententerprise_manager_for_virtualizationsolaris_clusterflexcube_private_bankingretail_returns_managementnifiutilities_frameworkreal-time_decisions_solutionsfinancial_services_revenue_management_and_billing_analyticsretail_invoice_matchingdebian_linuxweblogic_servercommunications_pricing_design_centercommons_beanutilsretail_xstore_point_of_servicetime_and_laborhospitality_opera_5agile_product_lifecycle_management_integration_packenterprise_linux_server_tusinsurance_data_gatewayjboss_enterprise_application_platformjd_edwards_enterpriseone_toolsApache Commons Beanutils
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-2793
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-6.2||MEDIUM
EPSS-0.26% / 48.70%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_pt_peopletoolsPeopleSoft Enterprise PT PeopleTools