{"api_version":"1","generated_at":"2026-04-23T06:58:50+00:00","cve":"CVE-2008-4001","urls":{"html":"https://cve.report/CVE-2008-4001","api":"https://cve.report/api/cve/CVE-2008-4001.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-4001","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-4001"},"summary":{"title":"CVE-2008-4001","description":"Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne EP 8.9 and EP 9.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.","state":"PUBLISHED","assigner":"oracle","published_at":"2008-10-14 21:11:11","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-noinfo","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.9","severity":"","vector":"AV:N/AC:M/Au:S/C:P/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:N","baseScore":4.9,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html","name":"http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle Critical Patch Update Advisory - October 2008","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/2825","name":"http://www.vupen.com/english/advisories/2008/2825","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1021055","name":"http://www.securitytracker.com/id?1021055","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne Bugs Let Remote Users Access and Modify Data - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/32291","name":"http://secunia.com/advisories/32291","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Oracle Products Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45903","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45903","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-4001","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-4001","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"4001","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jd_edwards_enterpriseone_ep","cpe6":"8.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"4001","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jd_edwards_enterpriseone_ep","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"4001","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"peoplesoft_enterprise","cpe6":"8.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"4001","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"peoplesoft_enterprise","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T10:00:42.114Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html"},{"name":"oracle-peoplesoft-portal-priv-escalation(45903)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45903"},{"name":"32291","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/32291"},{"name":"1021055","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1021055"},{"name":"ADV-2008-2825","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/2825"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-10-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne EP 8.9 and EP 9.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-07T12:57:01.000Z","orgId":"43595867-4340-4103-b7a2-9a5208d29a85","shortName":"oracle"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html"},{"name":"oracle-peoplesoft-portal-priv-escalation(45903)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45903"},{"name":"32291","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/32291"},{"name":"1021055","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1021055"},{"name":"ADV-2008-2825","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/2825"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secalert_us@oracle.com","ID":"CVE-2008-4001","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne EP 8.9 and EP 9.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html"},{"name":"oracle-peoplesoft-portal-priv-escalation(45903)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45903"},{"name":"32291","refsource":"SECUNIA","url":"http://secunia.com/advisories/32291"},{"name":"1021055","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1021055"},{"name":"ADV-2008-2825","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/2825"}]}}}},"cveMetadata":{"assignerOrgId":"43595867-4340-4103-b7a2-9a5208d29a85","assignerShortName":"oracle","cveId":"CVE-2008-4001","datePublished":"2008-10-14T21:00:00.000Z","dateReserved":"2008-09-09T00:00:00.000Z","dateUpdated":"2024-08-07T10:00:42.114Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-10-14 21:11:11","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-noinfo","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:N","baseScore":4.9,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jd_edwards_enterpriseone_ep:8.9:*:*:*:*:*:*:*","matchCriteriaId":"B73DAAFF-035F-4414-9A96-6A6862378FF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jd_edwards_enterpriseone_ep:9.0:*:*:*:*:*:*:*","matchCriteriaId":"D4516043-6CB0-46F7-B983-3254171F8FBD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise:8.9:*:*:*:*:*:*:*","matchCriteriaId":"07C74F20-5A1B-4C01-83F7-BB7CF11B7A66"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise:9.0:*:*:*:*:*:*:*","matchCriteriaId":"AC0B4851-1897-414C-B7D2-4C158D648629"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"4001","Ordinal":"1","Title":"CVE-2008-4001","CVE":"CVE-2008-4001","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"4001","Ordinal":"1","NoteData":"Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne EP 8.9 and EP 9.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.","Type":"Description","Title":"CVE-2008-4001"},{"CveYear":"2008","CveId":"4001","Ordinal":"2","NoteData":"2008-10-14","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"4001","Ordinal":"3","NoteData":"2017-08-07","Type":"Other","Title":"Modified"}]}}}