CVE-2017-10366

Published: 19/10/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Product

oracle peoplesoft enterprise peopletools 8.55

oracle peoplesoft enterprise peopletools 8.54

oracle peoplesoft enterprise peopletools 8.56

Exploits

# Exploit Title: RCE vulnerability in monitor service of PeopleSoft 854, 855, 856
# Date: 30 Oct 2017
# Exploit Author: Vahagn Vardanyan
# Vendor Homepage: Oracle
# Software Link: Oracle PeopleSoft
# Version: 854, 855, 856
# Tested on: Windows, Linux
# CVE : CVE-2017-10366
github.com/vah13/OracleCVE/tree/master/CVE-2017-10366
The RCE ...
Oracle PeopleSoft version 85x suffers from a remote code execution vulnerability ...

Github Repositories

CVE-2017-10366: Oracle PeopleSoft 8.54, 8.55, 8.56 Java deserialization exploit

This script automates the exploitation of a Java deserialization vulnerability in Oracle PeopleSoft, originally discovered by Vahagn Vardanyan. This exploit requires ysoserial.jar to generate cross-platform serialized Java payloads. ysoserial must be in the same directory as this script. PS: It uses