Vulnerability in Oracle PeopleSoft Products Affecting Form and Approval Builder
CVE-2019-2419

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Cc Common Application Objects
Vendor: CVE Published:; 16 January 2019

Summary

A vulnerability exists in the PeopleSoft Enterprise CC Common Application Objects component of Oracle PeopleSoft Products, specifically within the Form and Approval Builder. This flaw permits low-privileged attackers with network access via HTTP to exploit the system. To successfully execute an attack, human interaction from a third party is needed. As a result, potential unauthorized actions such as updating, inserting, or deleting data can occur within the accessible data of the PeopleSoft Enterprise CC Common Application Objects. Additionally, this vulnerability can enable unauthorized reading of sensitive data, impacting not just the targeted component but potentially affecting other associated products as well. For further details regarding patches and mitigation, refer to the related Oracle documentation.

Affected Version(s)

PeopleSoft Enterprise CC Common Application Objects 9.2

References

http://www.securityfocus.com/bid/106607

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 14, 2018