SB2018041809 - Multiple vulnerabilities in Oracle PeopleSoft Products

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018041809

SB2018041809 - Multiple vulnerabilities in Oracle PeopleSoft Products

Published: April 18, 2018

Security Bulletin ID SB2018041809
Severity
Low
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.


1) Security restrictions bypass (CVE-ID: CVE-2018-2752)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists in the PeopleSoft Enterprise HCM Security component due to improper security restrictions. A remote attacker can partially access and partially modify data.

2) Privilege escalation (CVE-ID: CVE-2018-2772)

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists in the PeopleSoft Enterprise PeopleTools Rich Text Editor component due to improper security restrictions. A remote attacker can gain root privileges.

3) Security restrictions bypass (CVE-ID: CVE-2018-2774)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information, write arbitrary files and cause DoS condition on the target system.

The weakness exists in the PeopleSoft Enterprise PT PeopleTools SQR component due to improper security restrictions. A remote attacker can partially access, partially modify data and partially cause the service to crash.

4) Security restrictions bypass (CVE-ID: CVE-2018-2785)

The vulnerability allows a remote attacker to write arbitrary files on the target system.

The weakness exists in the PeopleSoft Enterprise PeopleTools Stylesheet component due to improper security restrictions. A remote attacker can partially modify data.

5) Security restrictions bypass (CVE-ID: CVE-2018-2788)

The vulnerability allows a remote attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists in the PeopleSoft Enterprise PeopleTools Fluid Core component due to improper security restrictions. A remote attacker can partially access and partially modify data.

6) Security restrictions bypass (CVE-ID: CVE-2018-2793)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists in the PeopleSoft Enterprise PT PeopleTools PsAdmin component due to improper security restrictions. A local attacker can gain access to potentially sensitive information.

7) Security restrictions bypass (CVE-ID: CVE-2018-2809)

The vulnerability allows a remote attacker to write arbitrary files on the target system.

The weakness exists in the PeopleSoft Enterprise PeopleTools Fluid Homepage & Navigation component due to improper security restrictions. A remote attacker can partially modify data.

8) Security restrictions bypass (CVE-ID: CVE-2018-2820)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists in the PeopleSoft Enterprise PeopleTools Fluid Core component due to improper security restrictions. A remote attacker can gain partial access to potentially sensitive information.

9) Security restrictions bypass (CVE-ID: CVE-2018-2821)

The vulnerability allows a remote attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists in the PeopleSoft Enterprise PeopleTools Rich Text Editor component due to improper security restrictions. A remote attacker can partially access and partially modify data.

10) Security restrictions bypass (CVE-ID: CVE-2018-2838)

The vulnerability allows a remote attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists in the PeopleSoft Enterprise PRTL Interaction Hub EPPCM_HIER_TOP component due to improper security restrictions. A remote attacker can partially access and partially modify data.

11) Security restrictions bypass (CVE-ID: CVE-2018-2878)

The vulnerability allows a remote attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists in the PeopleSoft Enterprise HCM Shared Components Notepad component due to improper security restrictions. A remote attacker can partially access and partially modify data.

Remediation

Install update from vendor's website.

References