Oracle Peoplesoft Enterprise Peopletools vulnerabilities
350 known vulnerabilities affecting oracle/peoplesoft_enterprise_peopletools.
Total CVEs
350
CISA KEV
1
actively exploited
Public exploits
12
Exploited in wild
4
Severity breakdown
CRITICAL23HIGH86MEDIUM228LOW13
Vulnerabilities
Page 6 of 18
CVE-2021-27568MEDIUMCVSS 5.9v8.58v8.592021-02-23
CVE-2021-27568 [MEDIUM] CWE-754 CVE-2021-27568: An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. A
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.
nvd
CVE-2021-23841MEDIUMCVSS 5.9v8.57v8.58+1 more2021-02-16
CVE-2021-23841 [MEDIUM] CWE-476 CVE-2021-23841: The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This ma
nvd
CVE-2021-23337HIGHCVSS 7.2PoCv8.58v8.592021-02-15
CVE-2021-23337 [HIGH] CWE-94 CVE-2021-23337: Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
nvd
CVE-2020-28500MEDIUMCVSS 5.3v8.58v8.592021-02-15
CVE-2020-28500 [MEDIUM] CVE-2020-28500: Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
nvd
CVE-2021-2063HIGHCVSS 8.4v8.56v8.57+1 more2021-01-20
CVE-2021-2063 [HIGH] CVE-2021-2063: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Port
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools.
nvd
CVE-2021-2071HIGHCVSS 8.1v8.56v8.57+1 more2021-01-20
CVE-2021-2071 [HIGH] CVE-2021-2071: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elas
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56, 8.57 and 8.58. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability ca
nvd
CVE-2021-2043MEDIUMCVSS 6.1v8.56v8.57+1 more2021-01-20
CVE-2021-2043 [MEDIUM] CVE-2021-2043: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Port
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a
nvd
CVE-2021-23926CRITICALCVSS 9.1v8.57v8.58+1 more2021-01-14
CVE-2021-23926 [CRITICAL] CWE-776 CVE-2021-23926: The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect th
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.
nvd
CVE-2020-28052HIGHCVSS 8.1v8.56v8.57+1 more2020-12-18
CVE-2020-28052 [HIGH] CVE-2020-28052: An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.chec
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
nvd
CVE-2020-8286HIGHCVSS 7.5v8.582020-12-14
CVE-2020-8286 [HIGH] CWE-295 CVE-2020-8286: curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insu
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
nvd
CVE-2020-8285HIGHCVSS 7.5v8.582020-12-14
CVE-2020-8285 [HIGH] CWE-674 CVE-2020-8285: curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
nvd
CVE-2020-8284LOWCVSS 3.7v8.582020-12-14
CVE-2020-8284 [LOW] CWE-200 CVE-2020-8284: A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting ba
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
nvd
CVE-2020-8908LOWCVSS 3.3v8.57v8.58+1 more2020-12-10
CVE-2020-8908 [LOW] CWE-378 CVE-2020-8908: A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with a
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to
nvd
CVE-2020-1971MEDIUMCVSS 5.9v8.56v8.57+1 more2020-12-08
CVE-2020-1971 [MEDIUM] CWE-476 CVE-2020-1971: The X.509 GeneralName type is a generic type for representing different types of names. One of those
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A
nvd
CVE-2020-13956MEDIUMCVSS 5.3v8.57v8.582020-12-02
CVE-2020-13956 [MEDIUM] CVE-2020-13956: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority co
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
nvd
CVE-2020-27193MEDIUMCVSS 6.1v8.56v8.57+1 more2020-11-12
CVE-2020-27193 [MEDIUM] CWE-79 CVE-2020-27193: A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows rem
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.
nvd
CVE-2020-14813MEDIUMCVSS 6.1v8.56v8.57+1 more2020-10-21
CVE-2020-14813 [MEDIUM] CVE-2020-14813: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Grids). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction fr
nvd
CVE-2020-14795MEDIUMCVSS 6.5v8.57v8.582020-10-21
CVE-2020-14795 [MEDIUM] CVE-2020-14795: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interactio
nvd
CVE-2020-14802MEDIUMCVSS 6.1v8.56v8.57+1 more2020-10-21
CVE-2020-14802 [MEDIUM] CVE-2020-14802: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human inte
nvd
CVE-2020-14832MEDIUMCVSS 6.1v8.56v8.57+1 more2020-10-21
CVE-2020-14832 [MEDIUM] CVE-2020-14832: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Inte
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human inte
nvd