Oracle PeopleSoft 漏洞列表

共找到 2 个与 Oracle PeopleSoft 相关的漏洞

📅 加载漏洞趋势中...

Oracle PeopleSoft /PSIGW/PeopleSoftServiceListeningConnector XML 外部实体注入漏洞（CVE-2017-3548）无POC

日期: 2025-08-22 | 影响软件: Oracle PeopleSoft

Oracle PeopleSoft Enterprise PeopleTools 是 Oracle 公司提供的一套企业管理工具和技术平台组件。其 /PSIGW/PeopleSoftServiceListeningConnector 接口存在 XML 外部实体注入（XXE）漏洞，攻击者可以通过构造恶意的 XML 请求读取服务器上的敏感文件或与外部服务器交互，可能导致信息泄露或部分拒绝服务（partial DOS）。
CVE-2023-22047: Oracle Peoplesoft - Unauthenticated File Read POC

日期: 2025-08-01 | 影响软件: Oracle Peoplesoft

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component- Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data.