Unauthenticated Access Vulnerability in PeopleSoft Enterprise PeopleTools by Oracle
CVE-2022-21470

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Pt Peopletools
Vendor: CVE Published:; 19 April 2022

What is CVE-2022-21470?

The vulnerability in Oracle's PeopleSoft Enterprise PeopleTools allows unauthenticated attackers to gain access via HTTP, leading to unauthorized modifications and access to sensitive data. This vulnerability requires interaction from a legitimate user to be executed, making it particularly dangerous as it can extend its impact to other interconnected systems. It poses a risk of unauthorized data updates, inserts, and deletions, affecting the integrity and confidentiality of the data managed by PeopleSoft.

Affected Version(s)

PeopleSoft Enterprise PT PeopleTools 8.58

PeopleSoft Enterprise PT PeopleTools 8.59

References

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 19, 2022
Vulnerability Reserved
Nov 15, 2021