SB2013041704 - Multiple vulnerabilities in Oracle PeopleSoft Enterprise PeopleTools
Published: April 17, 2013 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2013-3759)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Search Functionality.
2) Input validation error (CVE-ID: CVE-2013-2406)
The vulnerability allows a remote #AU# to manipulate data.
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology.
3) Input validation error (CVE-ID: CVE-2013-2409)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via vectors related to PIA Core Technology.
Remediation
Install update from vendor's website.
References
- http://osvdb.org/95297
- http://secunia.com/advisories/54233
- http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- http://www.securityfocus.com/bid/61255
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85684
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html