Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PeopleSoft XML外部实体任意文件可读漏洞
Vulnerability Description
PeopleSoft企业软件集成多个商务功能,包括人事、客户关系、供求关系、财务等管理。PeopleSoft应用消息网关提供基于WEB的功能,允许PeopleSoft产品和非PeopleSoft产品相互间通信和同步。 PeopleSoft包含的WEB服务程序对XML外部实体(Extenal Entity)数据缺少正确处理,远程攻击者可以利用这个漏洞读取系统任意文件内容。 PeopleSoft应用消息网关可以通过网关管理servlet来进行管理,servlet默认情况下任意用户可访问。虽然很容易关闭使用Se
CVSS Information
N/A
Vulnerability Type
N/A