Find security vulnerability in PeopleSoft and get featured by Oracle | PeopleSoft Tutorial

Find security vulnerability in PeopleSoft and get featured by Oracle

Do you know that if you find and report security vulnerability in PeopleSoft you can get featured by Oracle?

Yes, that is absolutely true.

Working on PeopleSoft application for many years can make you very much familiar with how PeopleSoft works. Someone who digs deeper in the code can figure out some code issues to identify vulnerabilities in PeopleSoft product.

If you find and report these to Oracle, you can get a small credit for it.

Since some security issues can have serious impact on an organization business, Oracle identifies them as critical patches and recommend all customers using those products to apply these critical patches at the earliest.

How to get featured by Oracle by finding security vulnerability in PeopleSoft

When you go to the critical patch update page which is published by Oracle, you can see the list of people who reported and contributed to security vulnerability in Oracle products (including PeopleSoft).

In below credit statement you can see that highlighted CVE-2019-2439 was reported by ‘Andres Georgieff’ of Sandia National Laboratories. Just like Andres there are several other people who found out about other vulnerability in Oracle products.

Below are the details of the patch CVE-2019-2439 that was fixed based on the vulnerability found by ‘Andres Georgieff’. As you can see the patch impact PeopleTools Portal for 8.55 , 8.56 and even the latest release 8.57. Scary part is that this patch can be remotely exploited.

Click here to view latest Oracle Critical patch updates

In fact, it’s not just PeopleSoft but you can report issues for any Oracle product.

Do you know of any PeopleSoft security vulnerability that you can report to Oracle and hopefully get it fixed in next critical update release?

Let us know in comments section below. (Please don’t post details of vulnerability if you’ve found any….. we don’t want to compromise PeopleSoft security)