Vulnerability in PeopleSoft Enterprise HCM Component of Oracle PeopleSoft Products
CVE-2017-10306

4.6MEDIUM

Key Information:

Vendor
Oracle
Status
Peoplesoft Enterprise Hcm Human Resources
Vendor
CVE Published:
19 October 2017

Summary

An access control vulnerability exists in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products that allows a low privileged attacker with network access via HTTP to compromise the system. Successfully exploiting this vulnerability requires human interaction from a third party other than the attacker. It can lead to unauthorized update, insert, or delete access to some data within PeopleSoft Enterprise HCM, as well as unauthorized reading of a subset of accessible data. This can compromise both confidentiality and integrity within the affected system.

Affected Version(s)

PeopleSoft Enterprise HCM Human Resources 9.2

References

http://www.securitytracker.com/id/1039598
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101478
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.