Anonymous Directory Traversal Vulnerability (Double Encode) - PeopleSoft

2017-03-16T00:00:00
ID ERPSCAN-17-040
Type erpscan
Reporter ERPScan
Modified 2017-03-16T00:00:00

Description

Application: Oracle PeopleSoft
Versions Affected: PeopleTools 8.54, 8.55
Vendor: Oracle
Bugs: Directory Traversal and Authentication Bypass
Reported: 16.03.2017
Vendor response: 17.03.2017
Date of Public Advisory: 18.07.2017
Reference: Oracle CPU July 2017
Authors: Dmitrii Iudin aka @ret5et (ERPScan)

VULNERABILITY INFORMATION

Class: Directory Traversal
Risk: Medium
Impact: Read file from system
Remotely Exploitable: Yes
CVE Name: CVE-2017-10146

CVSS Information

CVSS Base Score v3: 8.3 / 10
CVSS Base Vector:

AV: Attack Vector (Related exploit range) | Network (N)
---|---
AC: Attack Complexity (Required attack complexity) | Low (L)
PR: Privileges Required (Level of privileges needed to exploit) | None (N)
UI: User Interaction (Required user participation) | None (N)
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) | Changed (C)
C: Impact to Confidentiality | Low (L)
I: Impact to Integrity | Low (L)
A: Impact to Availability| Low (L)

VULNERABILITY DESCRIPTION

Oracle PeopleSoft HCM 9.2 suffers from critical directory traversal vulnerability.

An attacker could read the content of arbitrary files on the remote server and expose sensitive data.

VULNERABLE PACKAGES

Oracle PeopleSoft HCM 9.2

SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, implement Oracle CPU July 2017