Vulnerability in Oracle PeopleSoft Products' Interaction Hub Component
CVE-2017-10126

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Peoplesoft Enterprise Prtl Interaction Hub
Vendor
CVE Published:
8 August 2017

Summary

A vulnerability exists in the PeopleSoft Enterprise PRTL Interaction Hub of Oracle PeopleSoft Products, specifically within the HTML Area component. This flaw provides an opportunity for unauthenticated attackers with HTTP network access to compromise the hub. Successful exploitation requires interaction from an unsuspecting user, potentially allowing unauthorized access to sensitive data. Attacks leveraging this vulnerability can result in unauthorized modifications, including the ability to update, insert, or delete data, as well as unauthorized reading of accessible data subsets. Although primarily affecting the Interaction Hub, there is a risk of broader impact across other components of PeopleSoft Enterprise Products.

Affected Version(s)

PeopleSoft Enterprise PRTL Interaction Hub 9.1.0

References

http://www.securityfocus.com/bid/99760
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038932
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.