MEDIUM · 6.4

CVE-2008-4000

Vulnerability Description

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct.

CVSS Score

6.4

MEDIUM

AV:N/AC:L/Au:N/C:P/I:P/A:N
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE

Affected Products

Vendor | Product | Versions
Jdedwards | Enterpriseone | 8.48.18
Oracle | Jd Edwards Enterpriseone | 8.49.14
Oracle | Peoplesoft Enterprise | 8.48.18
Oracle | Peoplesoft Peopletools | 8.49.14

References

FAQ

What is CVE-2008-4000?

CVE-2008-4000 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity ...

How severe is CVE-2008-4000?

CVE-2008-4000 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2008-4000?

Check the references section above for vendor advisories and patch information. Affected products include: Jdedwards Enterpriseone, Oracle Jd Edwards Enterpriseone, Oracle Peoplesoft Enterprise, Oracle Peoplesoft Peopletools.