Navigation Pages Vulnerability in Oracle PeopleSoft Enterprise PeopleTools
CVE-2022-21456

6.1 MEDIUM

Key Information:

Vendor
Oracle
CVE Published:
19 April 2022

Summary

This vulnerability in Oracle PeopleSoft Enterprise PeopleTools affects versions 8.58 and 8.59 and lets an unauthenticated attacker exploit navigation pages over HTTP. The flaw is easy to exploit, but a successful attack requires human interaction. Although the vulnerability resides in PeopleSoft Enterprise PeopleTools, the changed scope means its impact could extend to additional products. Successful exploitation can give an attacker unauthorized access to update, insert, or delete sensitive data, and to read information that should remain confidential. Organizations running affected versions are urged to prioritize mitigation to safeguard their data.

Affected Version(s)

PeopleSoft Enterprise PT PeopleTools 8.58

PeopleSoft Enterprise PT PeopleTools 8.59

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
