Описание
The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:peoplesoft:peopletools:8.14:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.15:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.16:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.17:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.18:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00424
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.
EPSS
Процентиль: 62%
0.00424
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other