Peoplesoft Enterprise Peopletools Security Vulnerabilities and Issues — Peoplesoft Enterprise Peopletools CVE List

Lucene search

OraclePeoplesoft Enterprise Peopletools

22 matches found

cve•added 2022/03/11 7:15 a.m.•572 views

CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

7.5CVSS7.4AI score0.00477EPSS

cve•added 2022/03/16 5:15 p.m.•566 views

CVE-2022-24729

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser...

7.5CVSS6.7AI score0.00474EPSS

cve•added 2022/03/16 4:15 p.m.•484 views

CVE-2022-24728

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitizatio...

5.4CVSS5.9AI score0.00828EPSS

cve•added 2022/01/24 3:15 p.m.•291 views

CVE-2022-23437

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present withi...

7.1CVSS6.6AI score0.00077EPSS

cve•added 2022/02/24 7:15 p.m.•254 views

CVE-2022-21824

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "proto ". The prototype pollution has...

8.2CVSS8.1AI score0.00317EPSS

cve•added 2022/01/28 10:15 p.m.•251 views

CVE-2021-4160

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis su...

5.9CVSS6.2AI score0.24988EPSS

cve•added 2022/02/24 7:15 p.m.•224 views

CVE-2021-44531

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and

7.4CVSS7.5AI score0.00141EPSS

cve•added 2022/02/24 7:15 p.m.•214 views

CVE-2021-44533

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and

5.3CVSS6.3AI score0.00268EPSS

cve•added 2022/02/24 7:15 p.m.•204 views

CVE-2021-44532

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and

5.3CVSS6.6AI score0.00097EPSS

cve•added 2022/01/19 12:15 p.m.•117 views

CVE-2022-21345

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleT...

6.5CVSS6.4AI score0.00573EPSS

cve•added 2022/04/19 9:15 p.m.•88 views

CVE-2022-21458

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Peopl...

6.1CVSS5.8AI score0.00582EPSS

cve•added 2022/04/19 9:15 p.m.•83 views

CVE-2022-21456

6.1CVSS5.6AI score0.00582EPSS

cve•added 2022/04/19 9:15 p.m.•74 views

CVE-2022-21470

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Process Scheduler). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterpri...

6.1CVSS5.8AI score0.00582EPSS

cve•added 2022/01/19 12:15 p.m.•72 views

CVE-2022-21369

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Ent...

6.1CVSS5.8AI score0.00582EPSS

cve•added 2022/07/19 10:15 p.m.•72 views

CVE-2022-21521

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XML Publisher). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise P...

4.9CVSS5.2AI score0.00586EPSS

cve•added 2022/07/19 10:15 p.m.•67 views

CVE-2022-21512

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where PeopleSoft Enterprise ...

4.4CVSS4.7AI score0.00214EPSS

cve•added 2022/07/19 10:15 p.m.•64 views

CVE-2022-21520

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Fluid Core). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise Peop...

6.1CVSS5.8AI score0.006EPSS

cve•added 2022/01/19 12:15 p.m.•62 views

CVE-2022-21272

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise Pe...

6.1CVSS5.8AI score0.00582EPSS

cve•added 2022/01/19 12:15 p.m.•56 views

CVE-2022-21359

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Optimization Framework). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSo...

6.1CVSS5.8AI score0.00582EPSS

cve•added 2022/07/19 10:15 p.m.•52 views

CVE-2022-21543

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mgmt). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft E...

9.8CVSS9.2AI score0.0497EPSS

cve•added 2022/01/19 12:15 p.m.•51 views

CVE-2022-21364

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Weblogic). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise ...

5.3CVSS4.8AI score0.00941EPSS

cve•added 2022/10/18 9:15 p.m.•41 views

CVE-2022-39407

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise Peopl...

5.5CVSS5.7AI score0.00151EPSS