Vulnerability in PeopleSoft Enterprise PRTL Interaction Hub of Oracle
CVE-2017-10247

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Peoplesoft Enterprise Prtl Interaction Hub
Vendor
CVE Published:
8 August 2017

Summary

An improperly managed access control vulnerability exists in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products. This flaw allows an unauthenticated remote attacker to exploit the system with HTTP access, potentially gaining unauthorized update, insert, or delete access to sensitive data. Additionally, attacks may require human interaction from a user other than the attacker, amplifying the risk to user data. While the vulnerability targets the PRTL Interaction Hub specifically, the impact could extend to other connected Oracle PeopleSoft Products, leading to serious integrity and confidentiality concerns.

Affected Version(s)

PeopleSoft Enterprise PRTL Interaction Hub 9.1.0

References

http://www.securityfocus.com/bid/99761
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038932
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.