Security flaws detected in PeopleSoft

A security flaw recently detected in enterprise software provider PeopleSoft Inc.’s PeopleTools application framework may allow unauthorized users remote access to sensitive data.

Internet Security Systems Inc.’s (ISS) X-Force organization reported Monday that on the “SchedulerTransfer” servlet located on the PeopleSoft Web server – used to transfer reports to and from the report repository when using HTTP or HTTPS – is accessible by attacker as a Java servlet.

ISS said attackers could exploit the vulnerability using a remote command execution and replace files with bogus “attacker-defined” data under the permissions of the Web server.

ISS added the attacked PeopleSoft Web server installations may disclose critical confidential information and possibly affect PeopleSoft Application and Database back-end servers. The affected PeopleSoft installations includes PeopleTools 8.10-8.18, PeopleTools 8.40 and 8.41, ISS said, adding it recommends PeopleSoft administrators should either block or restrict access to the offending servlet in question.

According to ISS, PeopleSoft has already repaired flaws in PeopleTools 8.19 and 8.42 and has patches available for implementations 8.18.06 and 8.41.05.

ISS can be found at www.iss.com.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now