Products

Solutions

Company

Book A Live Demo

CVE-2017-10368 : Security Advisory and Response

Learn about CVE-2017-10368, a vulnerability in Oracle's PeopleSoft Enterprise SCM eProcurement component allowing unauthorized access to sensitive data. Find out how to mitigate this security risk.

A vulnerability in the Manage Requisition Status subcomponent of Oracle's PeopleSoft Enterprise SCM eProcurement component allows attackers to compromise the system.

Understanding CVE-2017-10368

This CVE involves a security flaw in the PeopleSoft Enterprise SCM eProcurement component, impacting versions 9.1.00 and 9.2.00.

What is CVE-2017-10368?

The vulnerability in the Manage Requisition Status subcomponent of PeopleSoft Enterprise SCM eProcurement allows unauthenticated attackers with network access via HTTP to compromise the system. Successful exploitation requires human interaction from a third party.

The Impact of CVE-2017-10368

Unauthorized access to update, insert, or delete data in PeopleSoft Enterprise SCM eProcurement

Unauthorized access to read a subset of PeopleSoft Enterprise SCM eProcurement data

CVSS 3.0 Base Score of 6.1 affecting confidentiality and integrity

Technical Details of CVE-2017-10368

This section provides more technical insights into the vulnerability.

Vulnerability Description

The vulnerability allows attackers to compromise the PeopleSoft Enterprise SCM eProcurement system through network access via HTTP.

Affected Systems and Versions

Product: PeopleSoft Enterprise SCM eProcurement

Vendor: Oracle Corporation

Affected Versions: 9.1.00, 9.2.00

Exploitation Mechanism

Attacker requires network access via HTTP

Human interaction from a person other than the attacker is needed

Attacks can impact additional products beyond PeopleSoft Enterprise SCM eProcurement

Mitigation and Prevention

Protecting systems from CVE-2017-10368 is crucial for maintaining security.

Immediate Steps to Take

Apply security patches provided by Oracle

Monitor network traffic for any suspicious activity

Educate users on recognizing and avoiding phishing attempts

Long-Term Security Practices

Regularly update and patch software and systems

Implement network segmentation to limit the attack surface

Conduct regular security audits and penetration testing

Patching and Updates

Stay informed about security advisories from Oracle

Apply patches promptly to address known vulnerabilities

CVE-2017-10368 : Security Advisory and Response

Understanding CVE-2017-10368

What is CVE-2017-10368?

The Impact of CVE-2017-10368

Technical Details of CVE-2017-10368

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now

CVE-2017-10368 : Security Advisory and Response

.css-lczsrn{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:24px;font-weight:700;margin-top:1rem;font-family:sans-serif;}Understanding CVE-2017-10368

.css-ru2q5j{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:1.2rem;font-weight:700;margin-top:1rem;margin-bottom:0rem;font-family:sans-serif;}What is CVE-2017-10368?

The Impact of CVE-2017-10368

Technical Details of CVE-2017-10368

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities? Find Out Now

Understanding CVE-2017-10368

What is CVE-2017-10368?

Is your System Free of Underlying Vulnerabilities?
Find Out Now