CVE Vulnerabilities

CVE-2003-0950

Published: Dec 15, 2003 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file.

Affected Software

Name Vendor Start Version End Version
Peopletools Peoplesoft 8.4 8.4
Peopletools Peoplesoft 8.10 8.10
Peopletools Peoplesoft 8.11 8.11
Peopletools Peoplesoft 8.12 8.12
Peopletools Peoplesoft 8.13 8.13
Peopletools Peoplesoft 8.14 8.14
Peopletools Peoplesoft 8.15 8.15
Peopletools Peoplesoft 8.16 8.16
Peopletools Peoplesoft 8.17 8.17
Peopletools Peoplesoft 8.18 8.18
Peopletools Peoplesoft 8.19 8.19
Peopletools Peoplesoft 8.20 8.20
Peopletools Peoplesoft 8.40 8.40
Peopletools Peoplesoft 8.41 8.41
Peopletools Peoplesoft 8.42 8.42
Peopletools Peoplesoft 8.43 8.43

References