Vulnerability in Oracle PeopleSoft's My Links Component
CVE-2022-21450

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Prtl Interaction Hub
Vendor: CVE Published:; 19 April 2022

Summary

The PeopleSoft Enterprise PRTL Interaction Hub, part of Oracle's PeopleSoft offerings, contains a vulnerability in its My Links component. This vulnerability allows an attacker with low privileges to compromise the system with network access via HTTP. Exploitation of this weakness necessitates human interaction from an individual other than the attacker, which could lead to unauthorized alterations, such as updates, insertions, or deletions of accessible data within the Interaction Hub. Furthermore, it poses risks for unauthorized reading of a subset of data, thereby potentially affecting other interconnected products.

Affected Version(s)

PeopleSoft Enterprise PRTL Interaction Hub 9.1

References

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 19, 2022
Vulnerability Reserved
Nov 15, 2021