CVE-2018-3130

5.4MEDIUM

Key Information:

Vendor
Oracle
Status
Peoplesoft Enterprise Prtl Interaction Hub
Vendor
CVE Published:
17 October 2018

Summary

Vulnerability in the PeopleSoft Enterprise Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Application Portal). The supported version that is affected is 9.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise Interaction Hub. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise Interaction Hub accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

Affected Version(s)

PeopleSoft Enterprise PRTL Interaction Hub 9.1.0.0

References

http://www.securityfocus.com/bid/105614
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041891
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.