Questions often arise on the PeopleTools versions for which
Critical Patch Updates have been published, or if a particular PeopleTools
version is supported.
The table in the attached page shows the patch number matrix for PeopleTools
versions associated with a particular CPU publication. This information will help you decide which CPU to apply and when to consider upgrading to a more current release.
The link in "CPU Date" goes to the landing page for
CPU advisories, the link in the individual date, e.g. Apr-10, goes to the
advisory for that date.
The page also shows the CVE's addressed in the CPU, a synopsis
of the issue and the Common Vulnerability Scoring System (CVSS) value.
Introduced in the April 2016 CPU, CVSS 3.0 is being used from this CPU going forward.
For more information on how CVSS 3.0 is calculated, Risk Matrix Glossary – Terms and Definitions for Critical Patch Update Risk Matrices http://www.oracle.com/technetwork/topics/security/advisorymatrixglossary-101807.html
CVSS Version 3.0 Announced: https://blogs.oracle.com/security/entry/cvss_version_3_0_announced
To find more details on any CVE, simply replace the CVE number
in the sample URL below.: http://www.cvedetails.com/cve/CVE-2010-2377
Common Vulnerability Scoring System Version 3 Calculator: https://www.first.org/cvss/specification-document
This page shows the components of the CVSS score
If you are considering creating a response policy, this page provide a good sample template: http://www.first.org/_assets/cvss/cvss-based-patch-policy.pdf. Note this is a useful template.
All the details in this page are available on My Oracle Support and public sites.
Please NOTE: The RED column in the Attached Page indicates the last patch for any PeopleTools
version and effectively the last support date for that version.
Applications Unlimited support does NOT apply to PeopleTools