Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2023-22047 — AI Deep Analysis Summary

CVSS 7.5 · High

Q1What is this vulnerability? (Essence + Consequences)

🚨 **CVE-2023-22047** is a critical security flaw in Oracle PeopleTools. It allows **unauthenticated** attackers to read arbitrary files via HTTP. The consequence?…

Q2Root Cause? (CWE/Flaw)

🛡️ **Root Cause**: The **Portal.war** module contains a Servlet named **WSRP Consumer ResourceProxy**.…

Q3Who is affected? (Versions/Components)

🏢 **Affected Vendor**: Oracle Corporation. **Product**: PeopleSoft Enterprise PT PeopleTools. **Versions**: Specifically **8.59** and **8.60**. ⚠️ Check your version immediately!

Q4What can hackers do? (Privileges/Data)

👮 **Attacker Capabilities**: No authentication needed! Attackers can access **critical data** and potentially achieve **complete control** (RCE) of the server. They can read sensitive files like `/etc/passwd`. 🔓

Q5Is exploitation threshold high? (Auth/Config)

📉 **Exploitation Threshold**: **LOW**. No privileges (PR:N) required. Network access via HTTP is sufficient. Low complexity (AC:L). Easy to exploit for anyone with network reach. 🎯

Q6Is there a public Exp? (PoC/Wild Exploitation)

💣 **Public Exploit**: **YES**. Proof-of-Concept (PoC) is available on GitHub. Example: `https://target:8443/RP?wsrp-url=file:///etc/passwd`. Wild exploitation is highly likely. 🌐

Q7How to self-check? (Features/Scanning)

🔍 **Self-Check**: Scan for the endpoint `/RP` with the parameter `wsrp-url`. Use tools like **Nuclei** with the CVE-2023-22047 template. Look for file content responses. 📡

Q8Is it fixed officially? (Patch/Mitigation)

🩹 **Official Fix**: **YES**. Oracle released a patch in the **July 2023 CPU** (Critical Patch Update). Check the Oracle Security Advisory for details. 📦

Q9What if no patch? (Workaround)

🚧 **No Patch?**: Block external access to the **Portal** module. Restrict access to `/RP` endpoints via WAF or firewall rules. Disable the **WSRP Consumer ResourceProxy** servlet if possible. 🛑

Q10Is it urgent? (Priority Suggestion)

🔥 **Urgency**: **CRITICAL**. Unauthenticated RCE is a top-tier threat. Patch immediately! Do not wait. The risk of data breach and server takeover is extreme. 🚨