Oracle Peoplesoft Enterprise Peopletools vulnerabilities

CVE-2018-3301 [MEDIUM] CVE-2018-3301: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require hum

CVE-2018-3206 [MEDIUM] CVE-2018-3206: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interactio

CVE-2018-3255 [MEDIUM] CVE-2018-3255: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human

CVE-2018-3164 [MEDIUM] CVE-2018-3164: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Elastic Search). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human in

CVE-2018-3239 [MEDIUM] CVE-2018-3239: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vuln

CVE-2018-8032 [MEDIUM] CWE-79 CVE-2018-8032: Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

CVE-2018-2990 [HIGH] CVE-2018-2990: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vuln

CVE-2018-2977 [MEDIUM] CVE-2018-2977: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require huma

CVE-2018-2929 [MEDIUM] CVE-2018-2929: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require hum

CVE-2018-3016 [MEDIUM] CVE-2018-3016: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulne

CVE-2018-2986 [MEDIUM] CVE-2018-2986: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interact

CVE-2018-2970 [MEDIUM] CVE-2018-2970: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this

CVE-2018-2951 [MEDIUM] CVE-2018-2951: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Configuration Manager). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft

CVE-2018-2985 [MEDIUM] CVE-2018-2985: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interact

CVE-2018-2919 [MEDIUM] CVE-2018-2919: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Unified Navigation). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require huma

CVE-2018-1000613 [CRITICAL] CWE-470 CVE-2018-1000613: Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not in Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result

CVE-2018-1000180 [HIGH] CWE-327 CVE-2018-1000180: Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level in Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

CVE-2018-1000301 [CRITICAL] CWE-125 CVE-2018-1000301: curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerabi curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl = 7.60.0.

CVE-2018-2772 [HIGH] CVE-2018-2772: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vul

CVE-2018-2774 [HIGH] CVE-2018-2774: Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (s Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: SQR). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerabi