Vulnerability CVE-2014-0439

Vulnerability Name:

CVE-2014-0439 (CCN-90315)

Assigned:

2013-12-12

Published:

2014-01-14

Updated:

2014-02-07

Summary:

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Report Distribution.

CVSS v3 Severity:

3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Unknown

References:

Source: MITRE
Type: CNA
CVE-2014-0439

Source: OSVDB
Type: UNKNOWN
102042

Source: SECUNIA
Type: UNKNOWN
56478

Source: CCN
Type: Oracle Web site
Oracle Critical Patch Update Advisory - January 2014

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Source: BID
Type: UNKNOWN
64758

Source: CCN
Type: BID-64758
RETIRED: Oracle January 2014 Critical Patch Update Multiple Vulnerabilities

Source: BID
Type: UNKNOWN
64884

Source: CCN
Type: BID-64884
Oracle PeopleSoft Enterprise PeopleTools CVE-2014-0439 Remote Security Vulnerability

Source: SECTRACK
Type: UNKNOWN
1029623

Source: XF
Type: UNKNOWN
oracle-cpujan2014-cve20140439(90315)

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:peoplesoft_products:8.52:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_products:8.53:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:peoplesoft_products:8.52:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_products:8.53:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK