CVE-2009-3405

Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.1.4 allows remote authenticated users to affect integrity and availability via unknown vectors.

CVSS v2.0 4.1 MEDIUM

4.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:S/C:N/I:P/A:P

Exploitability : 5.1 / Impact : 4.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
http://www.securityfocus.com/bid/36772
http://www.securitytracker.com/id?1023061
http://www.us-cert.gov/cas/techalerts/TA09-294A.html	US Government Resource
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
http://www.securityfocus.com/bid/36772
http://www.securitytracker.com/id?1023061
http://www.us-cert.gov/cas/techalerts/TA09-294A.html	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:jd_edwards_enterpriseone:8.98.1.4:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise:8.98.1.4:::::::*

History

21 Nov 2024, 01:07

Type	Values Removed	Values Added
References	~~() http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html -~~	() http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html -
References	~~() http://www.securityfocus.com/bid/36772 -~~	() http://www.securityfocus.com/bid/36772 -
References	~~() http://www.securitytracker.com/id?1023061 -~~	() http://www.securitytracker.com/id?1023061 -
References	~~() http://www.us-cert.gov/cas/techalerts/TA09-294A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA09-294A.html - US Government Resource

Information

Published : 2009-10-22 18:30

Updated : 2024-11-21 01:07

NVD link : CVE-2009-3405

Mitre link : CVE-2009-3405

CVE.ORG link : CVE-2009-3405

JSON object : View

Products Affected

oracle

peoplesoft_enterprise
jd_edwards_enterpriseone

CWE

NVD-CWE-noinfo

{"id": "CVE-2009-3405", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-10-22T18:30:00.953", "references": [{"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/36772", "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id?1023061", "source": "secalert_us@oracle.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html", "tags": ["US Government Resource"], "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/36772", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1023061", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.1.4 allows remote authenticated users to affect integrity and availability via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente JD Edwards Tools de Oracle PeopleSoft Enterprise y JD Edwards EnterpriseOne v8.98.1.4, permite a usuarios autenticados en remoto comprometer la integridad y disponibilidad a trav\u00e9s de vectores desconocidos."}], "lastModified": "2024-11-21T01:07:16.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone:8.98.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "768E4605-1871-435B-8FB6-DDFBD17355CA"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise:8.98.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90E4D5EA-6AE3-4F81-AFD0-CBB8E25C02E9"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}