← Back

CVE-2008-4000

nvd nist
Published: Oct 14, 2008Modified: Apr 23, 2026

JSON object

Loading...
6.4
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:N
Exploitability: 10.0 / Impact: 4.9
Source: NVD

Description

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct.

Affected (4)

Jdedwards
1 product
Enterpriseone
Oracle
3 products
Jd Edwards Enterpriseone
Peoplesoft Enterprise
Peoplesoft Peopletools
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Enterpriseone
Version 8.48.18
Jd Edwards Enterpriseone
Version 8.49.14
Peoplesoft Enterprise
Version 8.48.18
Peoplesoft Peopletools
Version 8.49.14

References (12)

Source: secalert_us@oracle.com
Vendor Advisory
Source: secalert_us@oracle.com
Source: secalert_us@oracle.com
Source: secalert_us@oracle.com
Source: secalert_us@oracle.com
Source: secalert_us@oracle.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.