Unauthorized Access Vulnerability in Oracle PeopleSoft's Activity Guide Composer
CVE-2021-35543

8.1HIGH

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Cc Common Application Objects
Vendor: CVE Published:; 20 October 2021

Summary

A vulnerability exists in Oracle PeopleSoft's Activity Guide Composer that allows low privileged attackers to exploit it via HTTP. This easily exploitable flaw enables unauthorized creation, deletion, or modification of sensitive data within the PeopleSoft Enterprise CC Common Application Objects. As a result, attackers may gain unauthorized access to critical data across the platform, which poses significant risks to the integrity and confidentiality of the system. Organizations using the affected version should prioritize mitigation strategies to safeguard their data.

Affected Version(s)

PeopleSoft Enterprise CC Common Application Objects 9.2

References

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Jun 28, 2021