Vulnerability in PeopleSoft Enterprise PeopleTools Rich Text Editor by Oracle
CVE-2022-21369

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Pt Peopletools
Vendor: CVE Published:; 19 January 2022

What is CVE-2022-21369?

An exploitable security misconfiguration in Oracle's PeopleSoft Enterprise PeopleTools, particularly within the Rich Text Editor component, allows unauthenticated attackers with network access to compromise the system. Successful exploitation necessitates human interaction from another user, which can lead to unauthorized access, enabling attackers to update, insert, or delete data, in addition to reading sensitive information. This vulnerability poses a significant risk to data integrity and confidentiality within applications utilizing PeopleSoft Enterprise PeopleTools.

Affected Version(s)

PeopleSoft Enterprise PT PeopleTools 8.57

PeopleSoft Enterprise PT PeopleTools 8.58

PeopleSoft Enterprise PT PeopleTools 8.59

References

https://www.oracle.com/security-alerts/cpujan2022.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 19, 2022
Vulnerability Reserved
Nov 15, 2021