Vulnerability in Oracle PeopleSoft Products 9.1 and 9.2 Impacting Confidentiality
CVE-2016-0407

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Human Capital Management Human Resources
Vendor: CVE Published:; 21 April 2016

Summary

This vulnerability affects the PeopleSoft Enterprise HCM module within Oracle PeopleSoft Products versions 9.1 and 9.2. It allows remote authenticated users to potentially compromise user confidentiality through specific vectors associated with the Fusion HR Talent Integration. Proper remediation is necessary to mitigate risks associated with unauthorized access to sensitive information.

References

http://www.securitytracker.com/id/1035610

vdb-entryx_refsource_SECTRACK

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 21, 2016
Vulnerability Reserved
Dec 9, 2015