Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-10366: Corporation Peoplesoft Enterprise PT Peopletools vulnerability

7 documents, 5 sources
Severity: 9.8 CRITICAL (NVD)
EPSS: 64.4% (top 1.55%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Oct 19; latest update May 13

Description

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 2 packages

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-x3gm-2857-wgw6: Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor) (2022-05-13)
CVEList: CVE-2017-10366: Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor) (2017-10-19)

💥 Exploits & PoCs (1)

Exploit-DB: Oracle PeopleSoft 8.5x - Remote Code Execution (2018-01-15)

💬 Community (3)

HackerOne: Remote Code Execution (RCE) in a DoD website (2019-10-08)
HackerOne: Remote Code Execution (RCE) in a DoD website (2019-10-08)
HackerOne: Remote Code Execution (RCE) in a DoD website (2019-10-08)