Remote Authentication Vulnerability in Oracle PeopleSoft Human Resource Management System
CVE-2010-4441

Currently unrated

Key Information:

Vendor: Oracle
Status: Peoplesoft And Jdedwards Product Suite
Vendor: CVE Published:; 19 January 2011

Summary

An unspecified vulnerability exists in the PeopleSoft Enterprise HRMS component of Oracle's PeopleSoft and JDEdwards Suite 9.1 Bundle #4. This flaw allows remote authenticated users to potentially compromise the confidentiality and integrity of user data through unknown vectors, particularly pertaining to the Talent Acquisition Manager functionality. Proper sanitation and validation mechanisms may be inadequate, thereby exposing sensitive information and operational risks within affected systems.

References

http://www.vupen.com/english/advisories/2011/0147

vdb-entryx_refsource_VUPEN

http://www.securitytracker.com/id?1024978

vdb-entryx_refsource_SECTRACK

http://osvdb.org/70576

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Jan 19, 2011
Vulnerability Reserved
Dec 6, 2010