Vulnerability in Oracle PeopleSoft Academic Advisement Product
CVE-2022-21447

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Cs Academic Advisement
Vendor: CVE Published:; 19 April 2022

Summary

An exploitable authorization bypass vulnerability exists in the PeopleSoft Enterprise CS Academic Advisement product from Oracle. This flaw allows attackers with low privileges and network access to compromise the system via HTTP. Successful exploitation can lead to unauthorized access to sensitive information and potential control over accessible data within the PeopleSoft platform.

Affected Version(s)

PeopleSoft Enterprise CS Academic Advisement 9.2

References

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2022
Vulnerability Reserved
Nov 15, 2021