HTTP: Oracle PeopleSoft XML External Entity Injection

This signature detects attempts to exploit a known vulnerability against Oracle PeopleSoft. A successful attack can lead to an XML External Entity Injection.

Extended Description

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).

Affected Products

Oracle peoplesoft_enterprise_peopletools

References

CVE: CVE-2017-3548

Short Name: HTTP:ORACLE:PEOPLESOFT-XXE
Severity: Minor
Recommended: False
Recommended Action: None
Category: HTTP
Keywords: CVE-2017-3548 Entity External Injection Oracle PeopleSoft XML
Release Date: 11/24/2020
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3415
False Positive: Rarely
Vendors

Oracle

CVSS Score

6.4
