Improper access control in PeopleSoft Enterprise PeopleTools - CVE-2017-3547
Published: April 6, 2018
Vulnerability identifier: #VU11598
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-3547
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Oracle
Affected software:
PeopleSoft Enterprise PeopleTools
PeopleSoft Enterprise PeopleTools
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to write arbitrary files on the target system.
The weakness exists in the PeopleSoft Enterprise PeopleTools component due to improper access control. A remote attacker can trick the victim into opening specially crafted input, create, delete or modify critical data or all accessible data.
The weakness exists in the PeopleSoft Enterprise PeopleTools component due to improper access control. A remote attacker can trick the victim into opening specially crafted input, create, delete or modify critical data or all accessible data.
How to mitigate CVE-2017-3547
Install update from vendor's website.