Unauthorized Access Vulnerability in Oracle PeopleSoft SCM eProcurement
CVE-2021-2220

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Scm Eprocurement
Vendor: CVE Published:; 22 April 2021

What is CVE-2021-2220?

An easily exploitable vulnerability exists in Oracle PeopleSoft's Enterprise SCM eProcurement component, affecting version 9.2. This flaw allows a low privileged attacker to gain unauthorized access to sensitive data through network access via HTTP. Successful exploitation may enable the attacker to perform unauthorized updates, inserts, or deletions of accessible data, as well as read access to restricted information. This vulnerability can compromise both the confidentiality and integrity of the data managed by PeopleSoft Enterprise SCM eProcurement.

Affected Version(s)

PeopleSoft Enterprise SCM eProcurement 9.2

References

https://www.oracle.com/security-alerts/cpuapr2021.html

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Dec 9, 2020