Vulnerability in Oracle PeopleSoft Campus Community Frameworks
CVE-2019-2493

3.1LOW

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Cs Campus Community
Vendor: CVE Published:; 16 January 2019

Summary

A vulnerability exists in the Oracle PeopleSoft Enterprise CS Campus Community component, specifically in its Frameworks subcomponent. This issue affects supported versions 9.0 and 9.2, allowing an unauthenticated attacker with network access via HTTP to compromise the integrity of the deployed system. Although the vulnerability is challenging to exploit, it can lead to unauthorized access, enabling the attacker to perform operations such as update, insert, or delete on accessible data within the PeopleSoft Campus Community. Successful exploitation necessitates human interaction from an individual other than the attacker, which adds a layer of complexity to the attack process.

Affected Version(s)

PeopleSoft Enterprise CS Campus Community 9.0

PeopleSoft Enterprise CS Campus Community 9.2

References

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/106610

vdb-entryx_refsource_BID

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 14, 2018