Vulnerability in PeopleSoft Enterprise PRTL Interaction Hub by Oracle
CVE-2017-10100

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Peoplesoft Enterprise Prtl Interaction Hub
Vendor
CVE Published:
8 August 2017

Summary

A vulnerability exists within the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products. This flaw allows an unauthenticated attacker with network access via HTTP to exploit the system. The exploitation requires human interaction from a user other than the attacker, making social engineering a potential attack vector. The impact of successful exploitation could lead to unauthorized updates, inserts, or deletions of data within the PeopleSoft environment. Furthermore, attackers may gain unauthorized read access to a subset of data accessible through the PRTL Interaction Hub, posing a significant risk to data integrity and confidentiality within the affected system.

Affected Version(s)

PeopleSoft Enterprise PRTL Interaction Hub 9.1.0

References

http://www.securitytracker.com/id/1038932
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99759
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.