Vulnerability CVE-2010-4426 - CERT Civis.Net

Vulnerability Name:

CVE-2010-4426 (CCN-64787)

Assigned:

2010-12-06

Published:

2011-01-19

Updated:

2017-08-17

Summary:

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.0 through 8.49.29, 8.50.0 through 8.50.14, and 8.51.0 through 8.51.04 allows remote attackers to affect integrity, related to PIA Core Technology.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-4426

Source: OSVDB
Type: UNKNOWN
70560

Source: CCN
Type: SA42924
Oracle PeopleSoft Enterprise PeopleTools Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
42924

Source: CCN
Type: SECTRACK ID: 1024978
Oracle PeopleSoft PeopleTools and JDEdwards Bugs Let Remote Users Partially Deny Service, Access Data, and Modify Data

Source: CCN
Type: Oracle Critical Patch Update Advisory - January 2011
Oracle Critical Patch Update Advisory - January 2011

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

Source: CCN
Type: OSVDB ID: 70560
Oracle PeopleSoft and JDEdwards Suite PeopleTools PIA Core Technology Unspecified Remote Issue (2010-4426)

Source: BID
Type: UNKNOWN
45867

Source: CCN
Type: BID-45867
Oracle PeopleSoft Enterprise PeopleTools CVE-2010-4426 Remote Vulnerability

Source: SECTRACK
Type: UNKNOWN
1024978

Source: VUPEN
Type: UNKNOWN
ADV-2011-0147

Source: XF
Type: UNKNOWN
peoplesoft-pia-unauth-access(64787)

Source: XF
Type: UNKNOWN
peoplesoft-pia-unauth-access(64787)

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:peoplesoft_and_jdedwards_product_suite:8.49.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_and_jdedwards_product_suite:8.49.29:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_and_jdedwards_product_suite:8.50.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_and_jdedwards_product_suite:8.50.14:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_and_jdedwards_product_suite:8.51.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_and_jdedwards_product_suite:8.51.04:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise:8.49.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise:8.49.29:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise:8.50.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise:8.50.14:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise:8.51.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise:8.51.04:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.49:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.50:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.51:*:*:*:*:*:*:*

Denotes that component is vulnerable