Vulners
Lucene search
Oracle Integration Gateway Directory Traversal Vulnerability
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | Oracle Integration Gateway File Upload Vulnerability | 22 Jul 201700:00 | – | zdt |
 | Oracle PeopleSoft Enterprise PeopleTools Remote Vulnerability (CNVD-2017-26305) | 1 Aug 201700:00 | – | cnvd |
 | CVE-2017-10061 | 8 Aug 201715:00 | – | cve |
 | CVE-2017-10061 | 8 Aug 201715:00 | – | cvelist |
 | Directory Traversal Vulnerability in Integration Gateway (PSIGW) | 27 Mar 201700:00 | – | erpscan |
| File Upload in Integration Gateway (PSIGW) - PeopleSoft | 27 Mar 201700:00 | – | erpscan |
 | EUVD-2017-1708 | 7 Oct 202500:30 | – | euvd |
 | CVE-2017-10061 | 8 Aug 201715:29 | – | nvd |
 | Oracle Critical Patch Update Advisory - July 2017 | 20 Mar 201800:00 | – | oracle |
 | Code injection | 8 Aug 201715:29 | – | prion |
10
1. ADVISORY INFORMATION
Title: Directory Traversal vulnerability in Integration Gateway (PSIGW)
Advisory ID: [ERPSCAN-17-038]
Advisory URL: https://erpscan.com/advisories/erpscan-17-038-directory-traversal-vulnerability-integration-gateway-psigw/
Risk: High
Date published: 18.07.2017
Vendor contacted: Oracle
2. VULNERABILITY INFORMATION
Class: Directory Traversal
Impact: Read, delete, rewrite file from the system
Remotely Exploitable: Yes
CVE Name: CVE-2017-10061
CVSS Information
CVSS Base Score v3: 8.3 / 10
CVSS Base Vector:
AV: Attack Vector (Related exploit range) Network (N)
AC: Attack Complexity (Required attack complexity) Low (L)
PR: Privileges Required (Level of privileges needed to exploit) None (N)
UI: User Interaction (Required user participation) None (N)
S: Scope (Change in scope due to impact caused to components beyond
the vulnerable component) Changed (C)
C: Impact to Confidentiality Low (L)
I: Impact to Integrity Low (L)
A: Impact to Availability Low (L)
3. VULNERABILITY DESCRIPTION
Oracle PeopleSoft HCM 9.2 suffers from one critical and several
directory traversal vulnerabilities which can be leveraged to get
remote command execution on the server.
Some well-known impacts of Directory Traversal vulnerability are -
- attacker could read content of arbitrary files on the remote server
and expose sensitive data
- attacker could overwrite, delete, or corrupt arbitrary files on the
remote server
4. VULNERABLE PACKAGES
Oracle PeopleSoft HCM 9.2
5. SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, implement Oracle CPU July 2017
(http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html)
6. AUTHOR
Roman Shalymov
# 0day.today [2018-04-08] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 Jul 2017 00:00Current
0.3Low risk
Vulners AI Score0.3
EPSS0.00911