Vulnerability in Oracle PeopleSoft Enterprise PRTL Interaction Hub
CVE-2017-10354

8.2HIGH

Key Information:

Vendor
Oracle
Status
Peoplesoft Enterprise Prtl Interaction Hub
Vendor
CVE Published:
19 October 2017

Summary

A vulnerability exists in the PeopleSoft Enterprise PRTL Interaction Hub component within Oracle PeopleSoft Products, specifically affecting version 9.1.00. This issue allows an unauthenticated attacker with network access via HTTP to compromise the system. Although the vulnerability is confined to the PeopleSoft Enterprise PRTL Interaction Hub, its exploitation can lead to unauthorized access to sensitive data and permissions to manipulate accessible data, such as updates or deletions. Additionally, successful exploitation necessitates human interaction from a target user. Due to this, while the direct impact is limited to the interaction hub, the ramifications can extend to various connected products.

Affected Version(s)

PeopleSoft Enterprise PRTL Interaction Hub 9.1.00

References

http://www.securityfocus.com/bid/101465
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039598
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.