A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.
Your PeopleSoft installation may be vulnerable without the CPU that is schedule for release on 19th April 2011.
Oracle’s website about this CPU says that this Critical Patch Update contains 14 new security fixes for the Oracle PeopleSoft Suite. One of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The highest CVSS Base Score of vulnerabilities affecting Oracle PeopleSoft Suite is 5.5
The Oracle PeopleSoft Suite components affected by vulnerabilities that are fixed in this Critical Patch Update are listed below.
Oracle PeopleSoft Enterprise CRM, version 8.9
Oracle PeopleSoft Enterprise ELS, versions 9.0, 9.1
Oracle PeopleSoft Enterprise HRMS, versions 9.0, 9.1
Oracle PeopleSoft Enterprise Portal, versions 8.8, 8.9, 9.0, 9.1
Oracle PeopleSoft Enterprise People Tools, versions 8.49, 8.50, 8.51
