Unauthorized Data Manipulation Vulnerability in Oracle PeopleSoft HRMS
CVE-2020-14612

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Hcm Time And Labor
Vendor: CVE Published:; 15 July 2020

Summary

A vulnerability exists in the PeopleSoft Enterprise HRMS product of Oracle, specifically within the Time and Labor component. This issue allows low-privileged attackers with network access via HTTP to exploit the system. Successful exploitation can lead to unauthorized modifications, such as the ability to update, insert, or delete data, as well as unauthorized reading of certain accessible data within PeopleSoft Enterprise HRMS. Organizations using the affected version are at risk of compromising their sensitive human resource data.

Affected Version(s)

PeopleSoft Enterprise HCM Time and Labor 9.2

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020