Vulnerabilities > CVE-2011-2272 - Remote PeopleSoft Enterprise FSCM vulnerability in Oracle PeopleSoft

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

oracle

NVD

Published: 2011-07-21

Updated: 2011-10-05

Summary

Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.0, Bundle, #36, 9.1, Bundle, and #13 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to eProcurement.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Peoplesoft Enterprise Fscm 9.0 Oracle Peoplesoft Enterprise Fscm 9.1 Oracle Peoplesoft Products 9.0 Oracle Peoplesoft Products 9.1	4

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 48777 CVE ID: CVE-2011-2272 PeopleSoft企业软件集成多个商务功能，包括人事、客户关系、供求关系、财务等管理。PeopleSoft PeopleTools网关管理Servlet存在信息泄露问题， PeopleSoft的Enterprise PeopleTools在HRMS的实现上存在安全漏洞，远程攻击者可通过'HTTP(s)'协议利用此漏洞影响eProcurement子组件，非法更新、插入、删除PeopleSoft Enterprise FSCM中的可访问数据，非法读取其子集数据。 Oracle PeopleSoft Enterprise FSCM 厂商补丁： Oracle ------ Oracle已经为此发布了一个安全公告（cpujuly2011-313328）以及相应补丁: cpujuly2011-313328：Oracle Critical Patch Update Advisory - July 2011 链接：http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
id	SSV:20744
last seen	2017-11-19
modified	2011-07-20
published	2011-07-20
reporter	Root
title	Oracle PeopleSoft Enterprise远程FSCM漏洞(CVE-2011-2272)

Summary

Vulnerable Configurations

Seebug

References