5 matches found
U.S. Dept Of Defense: XXE with RCE potential on the https://█████████ (CVE-2017-3548)
The security vulnerability CVE-2017-3548 was identified in the Oracle PeopleSoft application. The vulnerability allowed XML External Entity (XXE) attacks, which could potentially lead to remote code execution. A proof of concept was demonstrated that created a new service on th...
Oracle Human Resources Management System PeopleSoft unauthorized remote code execution vulnerability parsing-vulnerability warning-the black bar safety net
A few months ago, I had the privilege of participating in the security audits of several Oracle PeopleSoft construction projects; the audits mainly covered the PeopleSoft series Human Resources Management System (HRMS) and the development tools package PeopleTools. Throughout the online on the...
Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE
Application: Oracle PeopleSoft; Versions Affected: PeopleSoft HCM 9.2 on PeopleTools 8.55; Vendor URL: http://oracle.com; Bug: XXE; Reported: 23.12.2016; Vendor response: 24.12.2016; Date of Public Advisory: 18.04.2017; Reference: Oracle CPU April 2017; Author: Nadya Krivdyuk (ERPScan); Description 1...
CVE-2017-3548
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Integration Broker. Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2017-3548
The CVE-2017-3548 issue affects Oracle PeopleSoft Enterprise PeopleTools (subcomponent Integration Broker) with affected versions 8.54 and 8.55. It is an XML External Entity (XXE) vulnerability in the PeopleSoftServiceListeningConnector that allows an unauthenticated remote attacker, over HTTP, t...