Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
Oracle PeopleSoft and JDEdwards Flaws Let Remote and Local Users Access and Modify Data and Local Users Deny Service
|
|
SecurityTracker Alert ID: 1024197 |
|
SecurityTracker URL: http://securitytracker.com/id/1024197
|
|
CVE Reference:
CVE-2010-2377, CVE-2010-2378, CVE-2010-2379, CVE-2010-2380, CVE-2010-2398, CVE-2010-2401, CVE-2010-2402, CVE-2010-2403
(Links to External Site)
|
Date: Jul 13 2010
|
Impact:
Denial of service via local system, Disclosure of user information, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
Several vulnerabilities were reported in Oracle PeopleSoft and JDEdwards products. A remote or local user can access and modify data on the target system. A local user can cause denial of service conditions.
A local user can cause denial of service conditions on the target system.
A remote or local user can partially access or modify data on the target system.
The PeopleSoft Enterprise HCM - eProfile Mgr [CVE-2010-2401], PeopleSoft Enterprise PeopleTools [CVE-2010-2377, CVE-2010-2402], PeopleSoft Enterprise FSCM [CVE-2010-2380], PeopleSoft Enterprise HCM [CVE-2010-2398], PeopleSoft Enterprise HCM - Time & Labor [CVE-2010-2379], PeopleSoft Enterprise CRM [CVE-2010-2378], and PeopleSoft Enterprise Campus Solutions [CVE-2010-2403] components are affected.
The following researchers reported these and other Oracle vulnerabilities:
Maksymilian Arciemowicz of SecurityReason; Okan Basegmez of DORASEC Consulting; Check Point Software; Esteban Martinez Fayo of Application Security, Inc.; Stephen Fewer of iDefense; Roy Fox of Sentrigo; Tobias Klein; Ofer Maor of Hacktics; MarkoT of Corelan Team; Slavik Markovich of Sentrigo; Andrea Micalizzi of TippingPoint's Zero Day Initiative; Monarch2020 of unsecurityresearch; Timothy D. Morgan of Virtual Security Research; Martin O'Neal of Corsaire Limited; Petko Petkov of Corsaire Limited; Cody Pierce of TippingPoint DVLabs; Andrea Purificato; an Anonymous Reporter of TippingPoint's Zero Day Initiative; John S.; Piotr Samborski of Wyzsza Szkola Informatyki; Sumit Siddharth; Frank Stuart; Laszlo Toth; Janek Vind of iDefense; and Dennis Yurichev of Sentrigo.
|
Impact:
A local user can cause denial of service conditions on the target system.
A remote or local user can partially access or modify data on the target system.
|
Solution:
The vendor has issued a fix, described in their July 2010 Critical Patch Update advisory.
The Oracle advisory is available at:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html
|
Vendor URL: www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 13 Jul 2010 22:01:16 +0000
Subject: Oracle PeopleSoft and JDEdwards Suite
|
CVE-2010-2377
CVE-2010-2378
CVE-2010-2379
CVE-2010-2380
CVE-2010-2398
CVE-2010-2401
CVE-2010-2402
CVE-2010-2403
|
|
Go to the Top of This SecurityTracker Archive Page
|
