Vulnerability in Oracle PeopleSoft Products – Human Resources Component
CVE-2018-2654

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Peoplesoft Enterprise Hcm Human Resources
Vendor
CVE Published:
18 January 2018

Summary

A vulnerability in the Oracle PeopleSoft Enterprise HCM Human Resources component allows an unauthenticated attacker with network access via HTTP to exploit the system. While this vulnerability resides within the Human Resources subcomponent, it has the potential to affect broader functionalities across Oracle PeopleSoft Products. Successful exploitation may grant unauthorized access to perform updates, insertions, or deletions on sensitive data, as well as unauthorized read access to certain accessible data. It is important for organizations utilizing PeopleSoft Enterprise HCM Human Resources to assess their exposure and implement necessary security measures.

Affected Version(s)

PeopleSoft Enterprise HCM Human Resources 9.2

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102604
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040204
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.