CVE-2008-4000

High

Description

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/45902

http://www.vupen.com/english/advisories/2008/2825

http://www.securitytracker.com/id?1021055

http://www.securityfocus.com/archive/1/497543/100/0/threaded

http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html

http://secunia.com/advisories/32291

Details

Source: Mitre, NVD

Published: 2008-10-14

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.01204