CVE-2002-1252

high

Description

The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.

References

http://www.securityfocus.com/bid/6647

http://www.iss.net/security_center/static/10520.php

http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811

Details

Source: Mitre, NVD

Published: 2003-02-07

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00424