Vulnerability in Oracle PeopleSoft HCM Global Payroll Security Features
CVE-2020-14778

6.3MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Hcm Global Payroll Core
Vendor: CVE Published:; 21 October 2020

What is CVE-2020-14778?

An exploitable security vulnerability exists in Oracle's PeopleSoft Enterprise HCM Global Payroll Core product. Specifically, the issue allows low-privileged attackers with network access via HTTP to compromise sensitive areas of the system. Exploitation may lead to unauthorized modifications, including the ability to update, insert, or delete critical payroll data, while also permitting unauthorized read access to sensitive information. Furthermore, this vulnerability could be leveraged to induce a partial denial of service, impacting system availability.

Affected Version(s)

PeopleSoft Enterprise HCM Global Payroll Core 9.2

References

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2020
Vulnerability Reserved
Jun 19, 2020