Vulnerability in eProcurement Component of Oracle PeopleSoft Products
CVE-2019-2519

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Scm Eprocurement
Vendor: CVE Published:; 16 January 2019

Summary

The vulnerability in the eProcurement component of Oracle PeopleSoft Products permits unauthorized access to sensitive data. An unauthenticated attacker can exploit this issue remotely via HTTP, provided that they trick a user into interacting with a specially crafted request. While the vulnerability primarily resides within the eProcurement subsystem, its successful exploitation could lead to unauthorized modifications and access to additional data across the PeopleSoft suite. Organizations utilizing PeopleSoft Enterprise SCM must be vigilant in securing their instances to prevent potential data breaches and integrity issues.

Affected Version(s)

PeopleSoft Enterprise SCM eProcurement 9.2

References

http://www.securityfocus.com/bid/106604

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 14, 2018