Vulnerability in Oracle PeopleSoft Enterprise CS Student Records Product
CVE-2021-35553

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Cs Student Records
Vendor: CVE Published:; 20 October 2021

What is CVE-2021-35553?

A security flaw in the Oracle PeopleSoft Enterprise CS Student Records product enables a low-privileged attacker with network access via HTTP to compromise the system. The vulnerability primarily affects the Class Search component, requiring human interaction to execute an attack. Once exploited, this vulnerability could lead to unauthorized updates, inserts, or deletions of critical data, as well as unauthorized read access to sensitive information. Despite targeting PeopleSoft Enterprise CS Student Records, the repercussions may extend to related products, posing significant security risks to affected organizations.

Affected Version(s)

PeopleSoft Enterprise CS Student Records 9.2

References

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Jun 28, 2021

CVE-2021-35553 Data

JSON