A remote code execution vulnerability has been patched in the latest Oracle Critical Patch Update. The flaw, CVE-2017-10366, is in the core engine of PeopleSoft software. The bug is one of 252 patched by Oracle and it was assigned a CVSS severity score of 9.8 out of 10. PeopleSoft, like SAP, Microsoft and other competitors, is business-critical software running sensitive tasks such as financial, supply chain, customer and partner management. There were 76 updates for PeopleSoft this year, up from 44 in 2016 and 29 in 2015, ERPScan says.
Source: https://threatpost.com/critical-code-execution-flaw-patched-in-peoplesoft-core-engine/128510/