Oracle PeopleSoft Products Vulnerability in Strategic Sourcing Component
CVE-2017-10018

4.3MEDIUM

Key Information:

Vendor

Oracle
Status
Peoplesoft Enterprise Scm Strategic Sourcing
Vendor
CVE Published:
8 August 2017

What is CVE-2017-10018?

A vulnerability has been identified in the Strategic Sourcing component of Oracle PeopleSoft Products, specifically version 9.2 of the PeopleSoft Enterprise FSCM. This vulnerability allows low-privileged attackers with network access via HTTP to exploit the system, granting them unauthorized abilities to update, insert, or delete entries within the database. By leveraging this weakness, attackers could manipulate vital data stored within the PeopleSoft system, potentially jeopardizing the integrity of sensitive information.

Affected Version(s)

PeopleSoft Enterprise SCM Strategic Sourcing 9.2

References

http://www.securityfocus.com/bid/99811
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038932
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-10018 : Oracle PeopleSoft Products Vulnerability in Strategic Sourcing Component