VULHUB ™

PeopleTools has been reported prone to an information disclosure vulnerability. The issue presents itself within PeopleTools "grid" functionality that is provided so that a user can save a search to a local .xls file. When the grid option is invoked, the search log is stored in an insecure manner on the PeopleTools server. Specifically, the temporary file is saved with permissions set so that any remote user may request and view the file. It has been reported that this file is available for approximately 5 minutes after it has been created, when this time period expires, the file is deleted.

PeopleTools has been reported prone to an information disclosure vulnerability. The issue presents itself within PeopleTools "grid" functionality that is provided so that a user can save a search to a local .xls file. When the grid option is invoked, the search log is stored in an insecure manner on the PeopleTools server. Specifically, the temporary file is saved with permissions set so that any remote user may request and view the file. It has been reported that this file is available for approximately 5 minutes after it has been created, when this time period expires, the file is deleted.