Unauthenticated Network Vulnerability in Oracle PeopleSoft Enterprise PeopleTools
CVE-2022-21520

6.1 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 19 July 2022

Summary

A vulnerability exists in the Fluid Core component of Oracle's PeopleSoft Enterprise PeopleTools. It allows an unauthenticated attacker with network access via HTTP to potentially compromise the system. Exploitation requires human interaction from a person other than the attacker, and a successful attack may extend beyond PeopleTools to affect other interconnected products. Successful exploitation can lead to unauthorized modification (update, insert, or delete) of data within PeopleSoft Enterprise PeopleTools, as well as unauthorized access to certain data. This is a significant risk to the confidentiality and integrity of accessible data.

Affected Version(s)

PeopleSoft Enterprise PT PeopleTools 8.58

PeopleSoft Enterprise PT PeopleTools 8.59

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
