PeopleTools CPU Analysis    RSS Feed

>
CPU Date CVE #'s included in the CPU
Scroll down to Jan 16 to see the beginning of PeopleTools 8.55 CPU fixes.
Note: Use of CVSS 3 from July 2016 in Risk Matrix
CVSS PeopleTools 8.49 Patch PeopleTools 8.50 Patch PeopleTools 8.51 Patch PeopleTools 8.52 Patch PeopleTools 8.53 Patch PeopleTools 8.54 Patch
Apr-08 no additional details 8.49.09          
Jul-08 no additional details 8.49.11          
Oct-08 no additional details 8.49.14          
Jan-09 no additional details N/A          
Apr-09 CVE-2009-1013 Node password
CVE-2009-1014 Business Interlink
CVE-2009-0982 XSS in PIA
6.4
5.8
4.0
8.49.20          
Jul-09 CVE-2009-1987 XSS in JMS 5.0 8.49.22          
Oct-09 CVE-2009-3404 XSSin PIA 4.0 8.49.24          
Jan-10 No PeopleTools Patch   N/A          
Apr-10 CVE-2010-0880 failed login
CVE-2010-0877 HTML injection
CVE-2010-0878 XSS in PIA
CVE-2010-0879 Details exposed
4.0
5.0
4.0
4.0
8.49.27 8.50.08        
Jul-10 CVE-2010-2377 XSS in PIA
CVE-2010-2402 access to DM
4.0
5.5
8.49.28 8.50.11        
Oct-10 CVE-2010-3523 XSS in PIA
CVE-2010-3519 XSS in MCF
CVE-2010-3522 Insecure form data
5.0
4.0
4.0
8.49.29 8.50.13        
Jan-11 CVE-2010-4418  Unauthorized access - Code execution
CVE-2010-4424  Unauthorized access - Complete DOS
CVE-2010-4426 Unauthorized  access - PIA Core
CVE-2010-4434 Unauthorized read access
7.5
5.0
5.0
4.0
8.49.30 8.50.16 8.51.05      
Apr-11 CVE-2011-0840  Unauthorized access - File on AppServer
CVE-2011-0827 Unauthorized access - PIA Core
CVE-2011-0856  Unauthorized access - Sensitive data
4.0
4.0
4.0
8.49.31 8.50.18 8.51.08      
Jul-11 CVE-2011-2282 Unauthorized  access - Data
CVE-2011- 2274  Unauthorized access - IDE - PeopleCode
CVE-2011-2280 Unauthorized  access - PIA Core
CVE-2011-2275 Unauthorized  access - PIA Core
3.5
3.5
4.0
4.3
8.49.32 8.50.21 8.51.11      
Oct-11 CVE-2011-2315  Unauthorized  access - Scurity
CVE-2011-3520  Unauthorized  access - Personalization
5.5
2.8
8.49.33 8.50.23 8.51.13      
Jan-12 CVE-2012-0091  Unauthorized  access - Change Assistant 2.7       8.52.05    
Apr-12 CVE-2012-0564 Arbitrary code execution - Query
CVE-2012-0538 Unauthorized access - Search
CVE-2012-0560 Unauthorized access - Portal
CVE-2012-0561Unauthorized access - PIA
CVE-2012-0529 Unauthorized access - core
CVE-2012-0524 Unauthorized access - File Processing
6.5
5.5
4.3
3.5
3.5
3.2
No more patches for this release 8.50.25 8.51.17 8.52.07    
Jul-12 CVE-2012-1753  Unauthorized access and partial DOS
CVE-2012-3118  Unauthorized access - PANPROC
CVE-2012-1733  Unauthorized access - CM
CVE-2012-1762  Unauthorized access - TECH
CVE-2012-1764  Unauthorized access - MCF
CVE-2012-3111 Unauthorized access - TECH
5.4
4.0
3.5
3.5
3.5
3.5
  8.50.26 8.51.19 8.52.09    
Oct-12 CVE-2012-3182 Unauthorized access - PIA Core
CVE-2012-3195 Unauthorized access - Portal
CVE-2012-3198 Unauthorized Query access and partial DOS
CVE-2012-3181 Unauthorized access - Partial DOS
CVE-2012-3188 Unauthorized access - PIA Core
CVE-2012-3176 Unauthorized access - Panel Processor
CVE-2012-3179 Unauthorized access - Tree Manager
CVE-2012-3191 Unauthorized DM access and partial DOS
4.3
4.0
4.0
4.0
3.5
3.5
3.5
2.1
  8.50.27 8.51.21 8.52.11    
Jan-13 CVE-2013-0369 Unauthorized access - Query
CVE-2013-0391 Unauthorized access - Security
CVE-2013-0356  Unauthorized access - PIA Core
CVE-2013-0357 Unauthorized access - PIA Core
CVE-2012-1755  Unauthorized access - PSOL
CVE-2013-0387 Unauthorized access - PeopleCode
CVE-2012-5059  Unauthorized access - Portal
CVE-2013-0395 Unauthorized access - Security
CVE-2012-3192  Unauthorized access - RTE
5.5
5.5
4.3
4.3
4.3
4.3
4.3
4.0
3.5
  No more patches for this release 8.51.22 8.52.13    
Apr-13 CVE-2013-2409  Unauthorized access - PIA Core
CVE-2013-1513  Unauthorized access - PIA Core
CVE-2013-2408  Unauthorized access - PIA Core
CVE-2013-2404  Unauthorized access - Portal
CVE-2013-1550  Unauthorized access - WorkCenter
CVE-2013-2402 Unauthorized access - WorkCenter
CVE-2013-1527 Unauthorized access -  Report Distribution
CVE-2013-2374 Unauthorized access - Rich Text Editor
CVE-2013-2406 Unauthorized access - PIA Core
CVE-2013-2401 Unauthorized access - Portal
5.0
4.3
4.3
4.3
4.3
4.3
4.0
4.0
3.5
3.5
    8.51.23 8.52.15 8.53.03  
Jul-13 CVE-2013-3800 Unauthorized access - Business Interlinks
CVE-2013-3821 Unauthorized IB access - Partial DOS
CVE-2013-3819 Unauthorized access - Mobile Apps and DOS
CVE-2013-3820 Unauthorized IB access - Partial DOS
CVE-2013-3761 Unauthorized access - PIA Core
CVE-2013-3759 Unauthorized access - PIA Search
CVE-2013-3818 Unauthorized access - Portal
CVE-2013-3768 Unauthorized access - Rich Text Editor
CVE-2013-3780 Unauthorized access - Saved Search
6.4
6.4
6.4
5.0
4.3
4.3
4.3
4.3
4.0
    8.51.24 8.52.17 8.53.05  
Oct-13 CVE-2013-3835  Unauthorized access - Integration Broker
CVE-2013-3836  Unauthorized access - Business Interlink
CVE-2013-5794  Unauthorized access - Portal
CVE-2013-5841  Unauthorized access - Portal
CVE-2013-5765 Partial DOS - XML Publisher
CVE-2013-5779 Unauthorized access - PIA Core
5.0
5.0
5.0
5.0
5.0
4.0
    8.51.25 8.52.19 8.53.08  
Jan-14 CVE-2013-5973  Unauthorized access - Integration Broker
CVE-2014-0441 Partial DOS - Integration Broker
CVE-2014-0396  Unauthorized access - Portal - Web Services
CVE-2014-0443  Unauthorized access - Security
CVE-2014-0394  Unauthorized access - Updates Env Mgmt
CVE-2014-0395  Unauthorized access - Updates EnvMgmt
CVE-2014-0380  Unauthorized access - MCF
CVE-2014-0445  Unauthorized access - PIA Core
CVE-2014-0440 Partial DOS - PIA Core
CVE-2014-0439  Unauthorized access - Report Distribution
CVE-2014-0438  Unauthorized access - Panel Processor
CVE-2014-0381 PIA Core Technology
5.0
5.0
5.0
5.0
5.0
5.0
4.3
4.3
4.0
4.0
4.0
2.6
    No more patches for this release 8.52.21 8.53.10  
Apr-14 CVE-2014-2437  Unauthorized access - Integration Broker
CVE-2014-2448  Unauthorized access - Install and Packaging
CVE-2014-2433 Partial DOS - Integration Broker
CVE-2014-2447  Unauthorized access - Integration Broker
CVE-2014-2443  Unauthorized access - PIA Core Technology
CVE-2014-2446  Unauthorized access - QAS
5.0
5.0
5.0
5.0
4.3
4.0
      8.52.22 8.53.12  
Jul-14 CVE-2014-2496   Unauthorized access - PTF
CVE-2014-4204  network attacks via HTTP
5.5
3.5
      8.52.23 8.53.14  
Oct-14 CVE-2014-6535   unauthenticated network attacks (Security)
CVE-2014-6460  authenticated network attacks (QUERY)
CVE-2014-6482  unauthorized update, insert or delete access (CA)
CVE-2014-6475  unauthorized read access (Security)
5.8
4.9
4.0
3.5
      8.52.24 8.53.17 8.54.04
Jan-15 CVE-2015-0379   unauthorized update, insert or delete access (PIA)
CVE-2014-6579  IUD unauthorized access (IB)
CVE-2014-6597  unauthorized update, insert or delete access (PIA)
CVE-2014-6566  IUD unauthorized access (Portal)
CVE-2015-0395  IUD unauthorized access (Report Dist)
CVE-2014-4279  unauthorized update, insert or delete access (PIA)
4.3
4.0
4.0
4.0
4.0
3.5
      8.52.25 8.53.19 8.54.07  
Apr-15 CVE-2015-0487   IUD vulnerability via HTTP (PIA Core)
CVE-2015-0472  IUD vulnerability via HTTP (PIA Core)
CVE-2015-0496  read access to accessible data (PIA Search)
CVE-2015-0453  read access to accessible data (PORTAL subc)
4.0
4.0
4.0
3.3
      No more patches for this release 8.53.22 8.54.10  
Jul-15 CVE-2015-3456   PeopleSoft-VM - Very difficult to exploit vulnerability
CVE-2015-0286  Security - Easily exploitable vulnerability
CVE-2015-2588  PIA - Difficult to exploit vulnerability
CVE-2015-2622  Fluid - Difficult to exploit vulnerability
CVE-2015-2650  MCF - Easily exploitable vulnerability
6.2
5.0
4.3
4.3
4.0
        8.53.24 8.54.13  
Oct-15 CVE-2015-1791  Security - Difficult to exploit vulnerability
CVE-2015-4818  PIA - Easily exploitable vulnerability
CVE-2015-4876  Pivot Grid - Easily exploitable vulnerability
6.8
5.5
4.0
        8.53.25 8.54.16  
CPU Date CVE #'s included in this CPU CVSS PeopleTools 8.50 Patch PeopleTools 8.51 Patch PeopleTools 8.52 Patch PeopleTools 8.53 Patch PeopleTools 8.54 Patch PeopleTools 8.55 Patch
Jan-16 CVE-2016-0460  Fluid/NavBar - Easily exploitable vulnerability
CVE-2016-0471  MCF - Difficult to exploit vulnerability
CVE-2016-0463  Portal - Difficult to exploit vulnerability
CVE- 2016-0587  File Proc - Easily exploitable vulnerability
CVE- 2016-0473  Fluid Core - Easily exploitable vulnerability
CVE- 2016-0462  MCF - Easily exploitable vulnerability
CVE- 2016-0474  PIA Core - Easily exploitable vulnerability
5.0
4.3
4.3
4.0
4.0
4.0
4.0
Last CPU Oct 12 Last CPU Jan 14 Last CPU Jan 15 8.53.26 8.54.19 8.55.02  
Apr-16 CVE-2016-3421  Activity Guide - Easily exploitable vulnerability
CVE-2016-0685  File Processing - Easily exploitable vulnerability
CVE-2016-0679  PIA Grids - Difficult to exploit vulnerability
CVE-2016-3435  PIA Core - Easily exploitable vulnerability
CVE-2016-0408  Activity Guide - Difficult to exploit vulnerability
CVE-2016-3417  PIA Search - Difficult to exploit vulnerability
CVE-2016-3442  Portal - Difficult to exploit vulnerability
CVE-2016-0698  RTE - Difficult to exploit vulnerability
CVE-2015-3197  Security - Difficult to exploit vulnerability
CVE-2016-0683  Search Framework - Easily exploitable vulnerability
CVE-2016-3423  RTE - Difficult to exploit vulnerability
6.5
5.5
5.5
5.0
4.3
4.3
4.3
4.3
4.3
4.0
3.5
      8.53.27 8.54.22 8.55.05  
July-16 CVE-2016-5465  Panel Processor - Easily exploitable vulnerability
CVE-2016-5472  Install and Packaging - Easily exploitable vulnerability
CVE-2016-3483  File Processing - Easily exploitable vulnerability
CVE-2016-5470  Application Designer - Easily exploitable vulnerability
CVE-2016-3478  File Processing - Easily exploitable vulnerability
CVE-2016-2107  Security - Difficult to exploit vulnerability
8.2
7.8
7.2
6.5
6.1
5.9
      8.53.28 8.54.25 8.55.08  
Oct-16 CVE-2016-8293  Integration Broker - Easily exploitable vulnerability
CVE-2016-8291  Mobile App Platform - Easily exploitable vulnerability
CVE-2016-8296  LDAP - Easily exploitable vulnerability
CVE-2015-7940  Bouncy Castle Java - Easily exploitable vulnerability
CVE-2016-5529  Integration Broker - Easily exploitable vulnerability
CVE-2016-5530  Integration Broker - Easily exploitable vulnerability
CVE-2016-8294  Query - Easily exploitable vulnerability
8.2
8.2
7.6
7.5
6.1
6.1
4.3
      Last CPU Jul 16 8.54.28 8.55.11  
Jan-2017 CVE-2016-6303  Security - Easily exploitable vulnerability
CVE-2016-8329  Mobile App Platform - Easily exploitable vulnerability
CVE-2017-3300  MCF - Easily exploitable vulnerability
CVE-2017-3298  PIA Core - Easily exploitable vulnerability
CVE-2017-3299  PIA Search - Easily exploitable vulnerability
CVE-2017-3292  Integration Broker - Easily exploitable vulnerability
9.8
6.1
6.1
6.1
6.1
5.7
      8.54.30 8.55.13  
Apr-2017 CVE-2017-3547  MCF - Easily exploitable vulnerability
CVE-2017-3520  Fluid Core - Easily exploitable vulnerability
CVE-2017-3546  MCF - Easily exploitable vulnerability
CVE-2017-3596  Portal - Easily exploitable vulnerability
CVE-2017-3527  Fluid Core - Easily exploitable vulnerability
CVE-2017-3548  Integration Broker - Easily exploitable vulnerability
CVE-2017-3519  Security - Easily exploitable vulnerability
CVE-2017-3536  Security - Easily exploitable vulnerability
7.4
6.5
6.5
6.5
5.4
5.3
5.3
4.6
      8.54.31 8.55.17  
CPU Date CVE #'s included in this CPU CVSS PeopleTools 8.51 Patch PeopleTools 8.52 Patch PeopleTools 8.53 Patch PeopleTools 8.54 Patch PeopleTools 8.55 Patch PeopleTools 8.56 Patch
Jul-2017 CVE-2017-10061  Integration Broker - Easily exploitable vulnerability
CVE-2017-10146  Portal - Easily exploitable vulnerability
CVE-2017-10019  Integration Broker - Easily exploitable vulnerability
CVE-2017-10249  Integration Broker - Easily exploitable vulnerability
CVE-2017-10021  PIA Search - Easily exploitable vulnerability
CVE-2017-10253  Pivot Grid - Easily exploitable vulnerability
CVE-2017-10106  Portal - Easily exploitable vulnerability
CVE-2017-10017  Workcenter - Easily exploitable vulnerability
CVE-2017-3731  Security - Difficult to exploit vulnerability
CVE-2017-10027  Fluid - Easily exploitable vulnerability
CVE-2017-10045  Integration Broker - Difficult to exploit
CVE-2017-10015  Application Designer - Difficult to exploit
CVE-2017-10251  Test Framework - Difficult to exploit
CVE-2017-10250  Tuxedo - Difficult to exploit
CVE-2017-10020  Update CA - Difficult to exploit
CVE-2017-10252  Update CA - Difficult to exploit
8.3
8.3
7.4
6.1
6.1
6.1
6.1
6.1
5.9
5.4
5.3
4.7
4.7
4.7
4.7
4.7
    Last CPU Jul 16 8.54.32 8.55.17 8.56.02  
Oct-2017 CVE-2017-10366  Perf Mon - Easily exploitable vulnerability
CVE-2017-10364  Updates Env Mgmt - Easily exploitable vulnerability
CVE-2017-10335  Elastic Search - Easily exploitable vulnerability
CVE-2017-10373  Health Center - Easily exploitable vulnerability
CVE-2017-10362  Sawbridge - Easily exploitable vulnerability
CVE-2017-10280  Test Framework - Easily exploitable vulnerability
CVE-2017-10418  PeopleSoft CDA - Easily exploitable vulnerability
CVE-2017-10351  Application Server - Easily exploitable vulnerability
CVE-2017-10158  Core - Easily exploitable vulnerability
CVE-2017-10381  PIA Core - Easily exploitable vulnerability
CVE-2017-10406  PIA Core - Easily exploitable vulnerability
CVE-2017-10327  Query - Easily exploitable vulnerability
CVE-2017-10422  Upd CA - Difficult to exploit vulnerability in 8.54
CVE-2017-10394  Security - Easily exploitable vulnerability
CVE-2017-10382  PIA Core - Easily exploitable vulnerability
9.8
8.1
7.5
7.5
7.2
6.5
6.4
6.2
6.1
6.1
6.1
6.1
5.9
5.4
4.7
      8.54.338.55.19 8.56.04