Vulnerability in PeopleSoft Enterprise ELM Component by Oracle
CVE-2019-2700

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Elm Enterprise Learning Management
Vendor: CVE Published:; 23 April 2019

Summary

A vulnerability exists in the PeopleSoft Enterprise ELM component of Oracle PeopleSoft Products, specifically in version 9.2. This issue allows an attacker with low privileges and network access via HTTP to exploit the Enterprise Learning Management system. Successful exploitation can lead to unauthorized modifications, including updates, insertions, or deletions of accessible data within the PeopleSoft Enterprise ELM framework.

Affected Version(s)

PeopleSoft Enterprise ELM Enterprise Learning Management 9.2

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Dec 14, 2018