OSVDB ID: 40014

Title: Oracle PeopleSoft HCM HTTP Unspecified Remote Information Disclosure

Info

Disclosure
Oct 17, 2007

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Description

 PeopleSoft HCM contains an unspecified flaw related to the Absence Management Module where managers with access to the module may obtain unauthorized access to employee absence data. No further details have been provided.

Classification

 Location: Remote / Network Access
Attack Type: Information Disclosure, Attack Type Unknown
Impact: Loss of Confidentiality, Impact Unknown
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Authentication Required, Web Related

Solution

 Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released patches for each product line to address this vulnerability.

Products

Oracle Corporation

PeopleSoft Enterprise Human Capital Management

 8.9 Bundle 1
8.9 Bundle 2
8.9 Bundle 3
8.9 Bundle 4
8.9 Bundle 5
8.9 Bundle 6
8.9 Bundle 7
8.9 Bundle 8
8.9 Bundle 9
8.9 Bundle 10
8.9 Bundle 11
8.9 Bundle 12
8.9 Bundle 13
9.0 GA
8.9 GA
9.0 Bundle 1
9.0 Bundle 2
9.0 Bundle 3

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/40014