PeopleTools CPU analysis and supported versions of PeopleTools (update for October 2016 CPU)

Questions often arise on the PeopleTools versions for which Critical Patch Updates have been published, or if a particular PeopleTools version is supported. 

The table in the attached page shows the patch number matrix for PeopleTools versions associated with a particular CPU publication. This information will help you decide which CPU to apply and when to consider upgrading to a more current release.

The link in "CPU Date" goes to the landing page for CPU advisories, the link in the individual date, e.g. Apr-10, goes to the advisory for that date.

The page also shows the CVE's addressed in the CPU, a synopsis of the issue and the Common Vulnerability Scoring System (CVSS) value.

 Introduced in the April 2016 CPU, CVSS 3.0 is being used from this CPU going forward.

 For more information on how CVSS 3.0 is calculated, Risk Matrix Glossary – Terms and Definitions for Critical Patch Update Risk Matrices http://www.oracle.com/technetwork/topics/security/advisorymatrixglossary-101807.html

CVSS Version 3.0 Announced: https://blogs.oracle.com/security/entry/cvss_version_3_0_announced

To find more details on any CVE, simply replace the CVE number in the sample URL below.: http://www.cvedetails.com/cve/CVE-2010-2377

Common Vulnerability Scoring System Version 3 Calculator: https://www.first.org/cvss/specification-document

This page shows the components of the CVSS score

If you are considering creating a response policy, this page provide a good sample template: http://www.first.org/_assets/cvss/cvss-based-patch-policy.pdf. Note this is a useful template.

All the details in this page are available on My Oracle Support and public sites.

Please NOTE: The RED column in the Attached Page indicates the last patch for any PeopleTools version and effectively the last support date for that version.

Applications Unlimited support does NOT apply to PeopleTools versions.

.