Oracle PeopleSoft Enterprise PeopleTools vulnerabilities
350 known vulnerabilities affecting oracle/peoplesoft_enterprise_peopletools.
Total CVEs: 350
CISA KEV: 1 (actively exploited)
Public exploits: 12
Exploited in wild: 4
Severity breakdown: CRITICAL 23, HIGH 86, MEDIUM 228, LOW 13
Vulnerabilities
CVE-2020-14806 | MEDIUM | CVSS 5.3 | v8.56, v8.57, +1 more | 2020-10-21
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can resul
nvd
CVE-2020-14801 | MEDIUM | CVSS 6.1 | v8.56, v8.57, +1 more | 2020-10-21
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human inte
nvd
CVE-2020-14847 | LOW | CVSS 2.7 | v8.56, v8.57, +1 more | 2020-10-21
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result i
nvd
CVE-2020-1968 | LOW | CVSS 3.7 | CWE-203 | v8.56, v8.57, +1 more | 2020-09-09
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can
nvd
CVE-2020-24977 | MEDIUM | CVSS 6.5 | CWE-125 | v8.58 | 2020-09-04
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
nvd
CVE-2020-7017 | MEDIUM | CVSS 6.7 | CWE-79 | v8.58 | 2020-07-27
In Kibana versions before 6.8.11 and 7.8.1 the region map visualization contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization.
nvd
CVE-2020-7016 | MEDIUM | CVSS 4.8 | CWE-185 | v8.58 | 2020-07-27
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
nvd
CVE-2020-8203 | HIGH | CVSS 7.4 | CWE-770 | v8.58, v8.59 | 2020-07-15
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
nvd
CVE-2020-14558 | MEDIUM | CVSS 5.3 | v8.56, v8.57, +1 more | 2020-07-15
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can resu
nvd
CVE-2020-14592 | MEDIUM | CVSS 6.1 | CWE-79 | v8.56, v8.57, +1 more | 2020-07-15
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human
nvd
CVE-2020-14600 | MEDIUM | CVSS 4.3 | v8.56, v8.57, +1 more | 2020-07-15
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from
nvd
CVE-2020-14627 | MEDIUM | CVSS 6.1 | v8.56, v8.57, +1 more | 2020-07-15
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from
nvd
CVE-2020-14564 | LOW | CVSS 2.7 | v8.56, v8.57, +1 more | 2020-07-15
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Environment Mgmt Console). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnera
nvd
CVE-2020-7656 | MEDIUM | CVSS 6.1 | PoC | CWE-79 | v8.58 | 2020-05-19
jQuery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e. "</script >", which results in the enclosed script logic being executed.
nvd
CVE-2020-11022 | MEDIUM | CVSS 6.1 | Exploited, PoC | CWE-79 | v8.56, v8.57, +1 more | 2020-04-29
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
nvd
CVE-2020-9488 | LOW | CVSS 3.7 | CWE-295 | v8.56, v8.57, +1 more | 2020-04-27
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1.
nvd
CVE-2020-1967 | HIGH | CVSS 7.5 | CWE-476 | v8.56, v8.57, +2 more | 2020-04-21
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by
nvd
CVE-2020-2776 | HIGH | CVSS 8.6 | v8.56, v8.57 | 2020-04-15
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise Peopl
nvd
CVE-2020-2782 | HIGH | CVSS 7.1 | v8.56, v8.57, +1 more | 2020-04-15
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a pe
nvd
CVE-2020-2859 | HIGH | CVSS 7.5 | v8.56, v8.57, +1 more | 2020-04-15
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: nVision). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result
nvd