CVE-2017-3548

Published: 24/04/2017 Updated: 03/10/2019
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9
VMScore: 650
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).

Vulnerable Product

oracle peoplesoft enterprise peopletools 8.55

oracle peoplesoft enterprise peopletools 8.54

Exploits

Oracle PeopleSoft HCM version 9.2 on PeopleTools version 8.55 suffers from an XML external entity injection vulnerability ...

Application: Oracle PeopleSoft
Versions Affected: PeopleSoft HCM 9.2 on PeopleTools 8.55
Vendor URL: oracle.com
Bug: XXE
Reported: 23.12.2016
Vendor response: 24.12.2016
Date of Public Advisory: 18.04.2017
Reference: Oracle CPU April 2017
Author: Nadya Krivdyuk (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-17-020] XXE VIA D ...

#!/usr/bin/python3
# Oracle PeopleSoft SYSTEM RCE
# www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce
# cf
# 2017-05-17
import requests
import urllib.parse
import re
import string
import random
import sys
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequest ...