Oracle PeopleSoft Products Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data, Modify Data, and Deny Service
SecurityTracker Alert ID: 1026954
SecurityTracker URL: http://securitytracker.com/id/1026954
CVE Reference:
CVE-2012-0514, CVE-2012-0517, CVE-2012-0521, CVE-2012-0524, CVE-2012-0529, CVE-2012-0530, CVE-2012-0531, CVE-2012-0533, CVE-2012-0536, CVE-2012-0538, CVE-2012-0559, CVE-2012-0560, CVE-2012-0561, CVE-2012-0562, CVE-2012-0564
Date: Apr 18 2012
Impact:
Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 8.50, 8.51, 8.52, 9.0, 9.1
Description:
Multiple vulnerabilities were reported in Oracle PeopleSoft Products. A remote authenticated user can partially access and modify data on the target system. A remote authenticated user can cause partial denial of service conditions. A remote user can partially modify data on the target system.
The PeopleSoft Enterprise CRM [CVE-2012-0514], PeopleSoft Enterprise FCSM [CVE-2012-0533], PeopleSoft Enterprise HCM [CVE-2012-0521], PeopleSoft Enterprise HRMS [CVE-2012-0517, CVE-2012-0562, CVE-2012-0536], and PeopleSoft Enterprise PeopleTools [CVE-2012-0524, CVE-2012-0529, CVE-2012-0530, CVE-2012-0531, CVE-2012-0538, CVE-2012-0559, CVE-2012-0560, CVE-2012-0561, CVE-2012-0564] components are affected.
The following researchers reported these and other Oracle vulnerabilities:
Alexander Kornbrust of Red Database Security; Andrea Micalizzi aka rgod, working with TippingPoint's Zero Day Initiative; Brian Gorenc TippingPoint DVLabs; Dave Love; David Litchfield of V3rity; Edward Torkington; Esteban Martinez Fayo of Application Security, Inc.; Frank Stuart; G & W Laboratories of TippingPoint's Zero Day Initiative; Nathan Catlow of Recx; Peter Maklary of LYNX Ltd.; Pierre Ernst of IBM Canada; Roberto Suggi Liverani of Security-Assessment.com; Shrikant Antre and Sunil Yadav of Network Intelligence; Sow Ching Shiong, reported through Secunia; Vishal K; and William Hay.
Impact:
A remote authenticated user can partially access and modify data on the target system.
A remote authenticated user can cause partial denial of service conditions.
A remote user can partially modify data on the target system.
Solution:
The vendor has issued a fix, described in their April 2012 Critical Patch Update advisory.
The vendor's advisory is available at:
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
Vendor URL: www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
Cause:
Not specified
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003), Windows (XP)
Message History:
None.
Source Message Contents
Date: Wed, 18 Apr 2012 01:28:37 +0000
Subject: Oracle PeopleSoft Products
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
CVE-2012-0514
CVE-2012-0517
CVE-2012-0521
CVE-2012-0524
CVE-2012-0529
CVE-2012-0530
CVE-2012-0531
CVE-2012-0533
CVE-2012-0536
CVE-2012-0538
CVE-2012-0559
CVE-2012-0560
CVE-2012-0561
CVE-2012-0562
CVE-2012-0564