Vulnerability Details : CVE-2017-10366
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Products affected by CVE-2017-10366
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-10366
11.75%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-10366
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2017-10366
-
https://www.exploit-db.com/exploits/43594/
Oracle PeopleSoft 8.5x - Remote Code Execution
-
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Oracle Critical Patch Update - October 2017Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/101455
Oracle PeopleSoft Enterprise PT PeopleTools CVE-2017-10366 Remote Security VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1039598
Oracle PeopleSoft Products Multiple Flaws Let Remote Users Access and Modify Data, Deny Service, and Gain Elevated Privileges on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
Jump to