Vulnerability in Oracle PeopleSoft Products PRTL Interaction Hub
CVE-2018-2838

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Peoplesoft Enterprise Prtl Interaction Hub
Vendor
CVE Published:
19 April 2018

Summary

The vulnerability located in the Oracle PeopleSoft Enterprise PRTL Interaction Hub component permits an unauthenticated attacker with network access via HTTP to exploit the system. Although the vulnerability is specific to the PRTL Interaction Hub, successful attacks may lead to unauthorized actions such as updating, inserting, or deleting sensitive data. Additionally, the flaw enables unauthorized read access to parts of the data. It requires user interaction from a non-attacker party for successful exploitation, potentially affecting other linked Oracle PeopleSoft products and compromising system confidentiality and integrity.

Affected Version(s)

PeopleSoft Enterprise PRTL Interaction Hub 9.1

References

http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103911
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040701
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.