Описание
PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:peoplesoft:peopletools:8.4:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.10:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.11:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.12:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.13:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.14:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.15:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.16:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.17:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.18:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.19:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.20:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.40:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.41:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.42:*:*:*:*:*:*:*
cpe:2.3:a:peoplesoft:peopletools:8.43:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00982
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file.
EPSS
Процентиль: 76%
0.00982
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other