Number: AV17-171
Date: 15 November 2017
Purpose
The purpose of this advisory is to bring attention to the following Security Advisory affecting Oracle Tuxedo.
Assessment
Oracle has issued an advisory which highlights critical vulnerabilities in Oracle Tuxedo. Some of these vulnerabilities can be exploited on a network without the need for authentication. Oracle PeopleSoft products include and use Oracle Tuxedo in their distributions, therefore, PeopleSoft customers should apply the Tuxedo patches referenced below.
Products affected: Oracle Tuxedo versions 11.1.1, 12.1.1, 12.1.3, 12.2.2
CVE Reference(s): CVE-2017-10267, CVE-2017-10269, CVE-2017-10272, CVE-2017-10266, CVE-2017-10278
Suggested Action
CCIRC recommends that system administrators identify their affected assets and potential interdependencies with their organization’s critical services, and follow their patch management process accordingly.
Reference(s):
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html