Vulnerability in Oracle PeopleSoft PRTL Interaction Hub Component
CVE-2017-10255

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Peoplesoft Enterprise Prtl Interaction Hub
Vendor
CVE Published:
8 August 2017

Summary

A vulnerability exists in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products, allowing unauthenticated attackers with network access via HTTP to potentially compromise the system. While the attack requires user interaction from a person other than the attacker, the exploit can result in unauthorized updates, inserts, or deletions of accessible data, as well as unauthorized read access to some data within the PRTL Interaction Hub. This can severely impact not only the hub but also other integrated products relying on its functionalities.

Affected Version(s)

PeopleSoft Enterprise PRTL Interaction Hub 9.1.0

References

http://www.securityfocus.com/bid/99755
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038932
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.