Cross-Site Scripting Vulnerability in Oracle PeopleSoft Products
CVE-2017-10070

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Peoplesoft Enterprise Prtl Interaction Hub
Vendor
CVE Published:
8 August 2017

Summary

A vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products allows unauthenticated attackers with network access via HTTP to exploit system weaknesses. Successful exploitation necessitates human interaction from a user other than the attacker. While the vulnerability resides in the PeopleSoft Enterprise PRTL Interaction Hub, the effects may extend to other associated products. Exploitation can lead to unauthorized modifications, data insertions or deletions, as well as unauthorized read access to sensitive data within the PRTL Interaction Hub.

Affected Version(s)

PeopleSoft Enterprise PRTL Interaction Hub 9.1.0

References

http://www.securityfocus.com/bid/99762
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038932
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.