Vulnerability in Oracle PeopleSoft eProcurement Component
CVE-2017-10134

5.4 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 8 August 2017

Summary

A vulnerability exists in the eProcurement subcomponent of Oracle PeopleSoft's Enterprise FSCM, affecting version 9.2. It allows an attacker with low privileges to gain unauthorized access to sensitive data through HTTP requests. Exploitation requires human interaction from a user other than the attacker. A successful attack can lead to unauthorized updates, inserts, or deletions of accessible data within the PeopleSoft system, as well as unauthorized read access to certain subsets of customer data, and its implications may reach beyond the immediate scope of PeopleSoft Enterprise FSCM.

Affected Version(s)

PeopleSoft Enterprise SCM eProcurement 9.2

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
