Oracle Peoplesoft Enterprise Peopletools vulnerabilities

CVE-2018-3262 [MEDIUM] CVE-2018-3262: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Stylesheet). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human

CVE-2018-3205 [MEDIUM] CVE-2018-3205: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human in

CVE-2018-3135 [MEDIUM] CVE-2018-3135: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interactio

CVE-2018-3193 [MEDIUM] CVE-2018-3193: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human in

CVE-2018-3301 [MEDIUM] CVE-2018-3301: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require hum

CVE-2018-3206 [MEDIUM] CVE-2018-3206: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interactio

CVE-2018-3255 [MEDIUM] CVE-2018-3255: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human

CVE-2018-3164 [MEDIUM] CVE-2018-3164: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Elastic Search). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human in

CVE-2018-3239 [MEDIUM] CVE-2018-3239: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vuln

CVE-2018-8032 [MEDIUM] CWE-79 CVE-2018-8032: Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

CVE-2018-2990 [HIGH] CVE-2018-2990: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vuln

CVE-2018-2977 [MEDIUM] CVE-2018-2977: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require huma

CVE-2018-2929 [MEDIUM] CVE-2018-2929: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require hum

CVE-2018-3016 [MEDIUM] CVE-2018-3016: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulne

CVE-2018-2986 [MEDIUM] CVE-2018-2986: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interact

CVE-2018-2970 [MEDIUM] CVE-2018-2970: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this

CVE-2018-2951 [MEDIUM] CVE-2018-2951: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Configuration Manager). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft

CVE-2018-2985 [MEDIUM] CVE-2018-2985: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interact

CVE-2018-2919 [MEDIUM] CVE-2018-2919: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subc Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Unified Navigation). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require huma

CVE-2018-1000613 [CRITICAL] CWE-470 CVE-2018-1000613: Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not in Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result