发布日期:2010-07-17
更新日期:2010-07-20
受影响系统:
Oracle PeopleSoft CRM 9.1
Oracle PeopleSoft Enterprise HCM 9.1
Oracle PeopleSoft Enterprise HCM 9.0
Oracle PeopleSoft Enterprise HCM 8.9
Oracle PeopleSoft PeopleTools 8.50
Oracle PeopleSoft PeopleTools 8.49
Oracle Enterprise Campus Solutions 9.0
Oracle FSCM 9.1
Oracle FSCM 9.0
Oracle FSCM 8.9
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 41644,41646,41640,41641,41648,41645,41708,41647
CVE ID: CVE-2010-2377,CVE-2010-2378,CVE-2010-2379,CVE-2010-2380,CVE-2010-2398,CVE-2010-2401,CVE-2010-2402,CVE-2010-2403
PeopleSoft企业软件集成多个商务功能,包括人事、客户关系、供求关系、财务等管理。
PeopleSoft的FSCM、Customer Relationship Management、HCM eProfile Manager、PeopleTools、Human Capital Management、HCM Time&Labor、PeopleTools、Campus Solutions组件中存在多个安全漏洞,远程攻击者可以通过HTTP协议来利用这些漏洞,导致拒绝服务、读取敏感信息或完全入侵数据库系统。
建议:
--------------------------------------------------------------------------------
厂商补丁:
Oracle
------
Oracle已经为此发布了一个安全公告(cpujul2010)以及相应补丁:
cpujul2010:Oracle Critical Patch Update Advisory - July 2010
链接:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html