Vulnerability in Oracle PeopleSoft Products' Strategic Sourcing Component
CVE-2017-10287

4.3MEDIUM

Key Information:

Vendor
Oracle
Status
Peoplesoft Enterprise Scm Strategic Sourcing
Vendor
CVE Published:
19 October 2017

Summary

A vulnerability exists in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products, specifically in the Strategic Sourcing subcomponent. This flaw can be exploited by a low privileged attacker with network access via HTTP, allowing them to gain unauthorized read access to certain data within the PeopleSoft Enterprise FSCM system. It is crucial for users of the affected version (9.2) to assess their security measures and apply necessary patches to mitigate this exposure.

Affected Version(s)

PeopleSoft Enterprise SCM Strategic Sourcing 9.2

References

http://www.securitytracker.com/id/1039598
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101480
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.