The Application Messaging Gateway for PeopleTools 8.1x prior to 8.19, as used in various PeopleSoft products, allows remote malicious users to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
peoplesoft peopletools 8.15 |
||
peoplesoft peopletools 8.17 |
||
peoplesoft peopletools 8.18 |
||
peoplesoft peopletools 8.14 |
||
peoplesoft peopletools 8.16 |