Vulnerability in Oracle PeopleSoft Enterprise CS Academic Advisement Product
CVE-2021-35571

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Cs Academic Advisement
Vendor: CVE Published:; 20 October 2021

Summary

A vulnerability exists in the PeopleSoft Enterprise CS Academic Advisement product which allows a low-privileged attacker with network access to compromise the system via HTTP. Successful exploitation can lead to unauthorized updates, inserts, or deletions of accessible data within the PeopleSoft Enterprise CS Academic Advisement module. Furthermore, attackers may gain unauthorized read access to certain data subsets, affecting the confidentiality and integrity of critical academic information.

Affected Version(s)

PeopleSoft Enterprise CS Academic Advisement 9.2

References

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Jun 28, 2021