Web Application Vulnerability in Oracle PeopleSoft Products – Candidate Gateway
CVE-2019-2591

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Hcm Candidate Gateway
Vendor: CVE Published:; 23 April 2019

Summary

A vulnerability exists in the Candidate Gateway of Oracle PeopleSoft Enterprise HRMS 9.2, allowing unauthenticated attackers with network access via HTTP to significantly compromise the system. Exploitation of this vulnerability can lead to unauthorized updates, inserts, or deletions of accessible data within the PeopleSoft environment. Moreover, it may allow unauthorized read access to specific datasets, necessitating human interaction from a party other than the attacker to exploit successfully. Organizations utilizing this product should apply necessary patches and enhance security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

PeopleSoft Enterprise HCM Candidate Gateway 9.2

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Dec 14, 2018