SQL Injection Vulnerability in Oracle PeopleSoft Human Resources
CVE-2018-3068

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Peoplesoft Enterprise Hcm Human Resources
Vendor
CVE Published:
18 July 2018

Summary

This vulnerability exists in the Oracle PeopleSoft Enterprise HCM Human Resources component, specifically within the Compensation subcomponent. It allows an unauthenticated attacker to exploit the system via HTTP. The attack requires human interaction by a third-party user, making it easier for the attacker to gain unauthorized access. Once exploited, it can lead to unauthorized updates, deletions, or inserts of sensitive data, as well as unauthorized reading of certain datasets within the PeopleSoft Enterprise HCM Human Resources. This vulnerability's impact extends beyond just HCM, potentially affecting associated systems and their integrity.

Affected Version(s)

PeopleSoft Enterprise HCM Human Resources 9.2

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104832
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041306
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.