Oracle Peoplesoft Enterprise Peopletools vulnerabilities

CVE-2019-2490 [MEDIUM] CVE-2019-2490: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Panel Processor). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require h

CVE-2018-5407 [MEDIUM] CWE-200 CVE-2018-5407: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerab Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

CVE-2018-0734 [MEDIUM] CWE-327 CVE-2018-0734: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

CVE-2018-0735 [MEDIUM] CWE-327 CVE-2018-0735: The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attac The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

CVE-2018-3192 [HIGH] CVE-2018-3192: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can r

CVE-2018-3165 [HIGH] CVE-2018-3165: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: SQR). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can res

CVE-2018-3153 [MEDIUM] CVE-2018-3153: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks requi

CVE-2018-3129 [MEDIUM] CVE-2018-3129: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human inte

CVE-2018-3261 [MEDIUM] CVE-2018-3261: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of thi

CVE-2018-3194 [MEDIUM] CVE-2018-3194: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human in

CVE-2018-3202 [MEDIUM] CVE-2018-3202: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vul

CVE-2018-3198 [MEDIUM] CVE-2018-3198: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerabil

CVE-2018-3257 [MEDIUM] CVE-2018-3257: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require hum

CVE-2018-3154 [MEDIUM] CVE-2018-3154: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interactio

CVE-2018-3132 [MEDIUM] CVE-2018-3132: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human

CVE-2018-3207 [MEDIUM] CVE-2018-3207: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interactio

CVE-2018-3262 [MEDIUM] CVE-2018-3262: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Stylesheet). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human

CVE-2018-3205 [MEDIUM] CVE-2018-3205: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human in

CVE-2018-3135 [MEDIUM] CVE-2018-3135: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interactio

CVE-2018-3193 [MEDIUM] CVE-2018-3193: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human in