Lucene search

PRIOn knowledge basePRION:CVE-2008-4000

HistoryOct 14, 2008 - 9:11 p.m.

Design/Logic Flaw

2008-10-1421:11:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

78.7%

JSON

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct.

CPENameOperatorVersion
enterpriseoneeq8.48.18
jd_edwards_enterpriseoneeq8.49.14
peoplesoft_enterpriseeq8.48.18
peoplesoft_peopletoolseq8.49.14

Name	Operator	Version
enterpriseone	eq	8.48.18
jd_edwards_enterpriseone	eq	8.49.14
peoplesoft_enterprise	eq	8.48.18
peoplesoft_peopletools	eq	8.49.14

References

secunia.com/advisories/32291

www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html

www.securityfocus.com/archive/1/497543/100/0/threaded

www.securitytracker.com/id?1021055

www.vupen.com/english/advisories/2008/2825

exchange.xforce.ibmcloud.com/vulnerabilities/45902

6.5 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

78.7%

JSON

Related for PRION:CVE-2008-4000