Lucene search

[email protected]NVD:CVE-2003-0950

HistoryDec 15, 2003 - 5:00 a.m.

CVE-2003-0950

2003-12-1505:00:00

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.1%

JSON

PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file.

Affected configurations

NVD

Node

peoplesoftpeopletoolsMatch8.4

peoplesoftpeopletoolsMatch8.10

peoplesoftpeopletoolsMatch8.11

peoplesoftpeopletoolsMatch8.12

peoplesoftpeopletoolsMatch8.13

peoplesoftpeopletoolsMatch8.14

peoplesoftpeopletoolsMatch8.15

peoplesoftpeopletoolsMatch8.16

peoplesoftpeopletoolsMatch8.17

peoplesoftpeopletoolsMatch8.18

peoplesoftpeopletoolsMatch8.19

peoplesoftpeopletoolsMatch8.20

peoplesoftpeopletoolsMatch8.40

peoplesoftpeopletoolsMatch8.41

peoplesoftpeopletoolsMatch8.42

peoplesoftpeopletoolsMatch8.43

References

www.securityfocus.com/bid/9041

xforce.iss.net/xforce/alerts/id/157

exchange.xforce.ibmcloud.com/vulnerabilities/12805

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.1%

JSON

Related for NVD:CVE-2003-0950

cvelist1 cve1