Security Firm Finds Vulnerability in PeopleSoft Software
Monday March 10, 5:34 pm ET
By Marcelo Prince
NEW YORK -- A computer security firm uncovered a vulnerability in PeopleSoft Inc.'s tools software that, if exploited by hackers, could be used to alter or pilfer corporate data.
Internet Security Systems Inc. (NasdaqNM:ISSX - News) said the flaw lies in the company's PeopleTools product, a toolset that is included with most of the company's products and used by software administrators and developers.
ADVERTISEMENT
"It a pretty serious vulnerability for anyone running PeopleSoft applications, " said Neel Mehta, a research engineer at X-Force, Internet Security's research arm. The flaw could potentially allow an attacker to upload files onto a company's Web server or steal data from its database, Mehta said.
PeopleSoft, based in Pleasanton, Calif., said none of its customers have reported such attacks and it already has made available to customers software fixes that address the problem.
"PeopleSoft does not believe there have been any instances of customers being affected," said spokesman Steve Swasey. PeopleSoft software is used to manage human resources, customer service and accounting.
The vulnerability is found in several iterations of PeopleTools, including versions 8.1 to 8.18, version 8.40 and version 8.41.
PeopleSoft users should upgrade to newest versions of PeopleTools, 8.19 and 8.40, or apply a fix that is available on PeopleSoft's Web site for customers, Mr. Swasey said.
Internet Security, or ISS, a vendor of intrusion detection software, also offers fixes to its customers on its Web site.
At 4 p.m. on the Nasdaq Stock Market (News - Websites), shares of PeopleSoft finished down 81 cents, or 5%, at $15.24 Monday.
-By Marcelo Prince; Dow Jones Newswires; 201-938-5244; marcelo.prince@dowjones.com |
