Sign-up

ID

VAR-201610-0214


CVE

CVE-2016-8285


TITLE

Oracle PeopleSoft Products of PeopleSoft Enterprise HCM In Candidate Gateway Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-005540

DESCRIPTION

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlInformation may be obtained and altered by a remote administrator. Oracle PeopleSoft Enterprise HCM is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Candidate Gateway' sub component is affected. This vulnerability affects the following supported versions: 9.2. Oracle PeopleSoft Products is a set of enterprise human capital management solutions from Oracle Corporation, which provides functions such as human capital management, financial management, and supplier relationship management. PeopleSoft Enterprise HCM is one of the Human Resource Management (HCM) components. Attackers can use this vulnerability to access, update, insert or delete data without authorization, affecting the confidentiality and integrity of data

Trust: 1.98

sources: NVD: CVE-2016-8285 // JVNDB: JVNDB-2016-005540 // BID: 93723 // VULHUB: VHN-97105

AFFECTED PRODUCTS

vendor:oraclemodel:peoplesoft enterprise human capital management candidate gatewayscope:eqversion:9.2

Trust: 1.6

vendor:oraclemodel:peoplesoft productsscope:eqversion:of peoplesoft enterprise hcm 9.2

Trust: 0.8

vendor:oraclemodel:peoplesoft enterprise hcmscope:eqversion:9.2

Trust: 0.3

sources: BID: 93723 // JVNDB: JVNDB-2016-005540 // CNNVD: CNNVD-201610-538 // NVD: CVE-2016-8285

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8285
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-8285
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201610-538
value: MEDIUM

Trust: 0.6

VULHUB: VHN-97105
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8285
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-97105
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8285
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.5
impactScore: 4.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-97105 // JVNDB: JVNDB-2016-005540 // CNNVD: CNNVD-201610-538 // NVD: CVE-2016-8285

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-97105 // JVNDB: JVNDB-2016-005540 // NVD: CVE-2016-8285

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-538

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201610-538

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-005540

PATCH
title:Oracle Critical Patch Update Advisory - October 2016url:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Trust: 0.8
title:Text Form of Oracle Critical Patch Update - October 2016 Risk Matricesurl:http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html
Trust: 0.8
title:October 2016 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/october_2016_critical_patch_update
Trust: 0.8
title:Oracle PeopleSoft Enterprise HCM Remediation measures for remote security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64906
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-005540 // 
            
            
            
            CNNVD: CNNVD-201610-538

EXTERNAL IDS
db:NVDid:CVE-2016-8285
Trust: 2.8
db:BIDid:93723
Trust: 2.0
db:SECTRACKid:1037046
Trust: 1.1
db:JVNDBid:JVNDB-2016-005540
Trust: 0.8
db:CNNVDid:CNNVD-201610-538
Trust: 0.7
db:VULHUBid:VHN-97105
Trust: 0.1
sources:
            
            
            VULHUB: VHN-97105 // 
            
            
            
            BID: 93723 // 
            
            
            
            JVNDB: JVNDB-2016-005540 // 
            
            
            
            CNNVD: CNNVD-201610-538 // 
            
            
            
            NVD: CVE-2016-8285

REFERENCES
url:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Trust: 2.0
url:http://www.securityfocus.com/bid/93723
Trust: 1.7
url:http://www.securitytracker.com/id/1037046
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8285
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8285
Trust: 0.8
sources:
            
            
            VULHUB: VHN-97105 // 
            
            
            
            BID: 93723 // 
            
            
            
            JVNDB: JVNDB-2016-005540 // 
            
            
            
            CNNVD: CNNVD-201610-538 // 
            
            
            
            NVD: CVE-2016-8285

CREDITS
Oracle
Trust: 0.9
sources:
            
            
            BID: 93723 // 
            
            
            
            CNNVD: CNNVD-201610-538

SOURCES
db:VULHUBid:VHN-97105
db:BIDid:93723
db:JVNDBid:JVNDB-2016-005540
db:CNNVDid:CNNVD-201610-538
db:NVDid:CVE-2016-8285

LAST UPDATE DATE
2025-04-13T21:21:03.025000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-97105date:2017-07-29T00:00:00
db:BIDid:93723date:2016-10-26T11:09:00
db:JVNDBid:JVNDB-2016-005540date:2016-10-31T00:00:00
db:CNNVDid:CNNVD-201610-538date:2016-10-26T00:00:00
db:NVDid:CVE-2016-8285date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-97105date:2016-10-25T00:00:00
db:BIDid:93723date:2016-10-18T00:00:00
db:JVNDBid:JVNDB-2016-005540date:2016-10-24T00:00:00
db:CNNVDid:CNNVD-201610-538date:2016-10-20T00:00:00
db:NVDid:CVE-2016-8285date:2016-10-25T14:31:56.087