Vulnerability in Elastic Search Component of PeopleSoft Enterprise by Oracle
CVE-2023-21981

4.9MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Pt Peopletools
Vendor: CVE Published:; 18 April 2023

Summary

A vulnerability exists in the Elastic Search component of the Oracle PeopleSoft Enterprise PeopleTools product. This flaw can be exploited easily by a high-privileged attacker with network access via HTTP, leading to unauthorized access to sensitive data. Affected versions include 8.58, 8.59, and 8.60. Successful exploitation may allow attackers to access critical data or potentially gain complete access to all data accessible within the PeopleSoft Enterprise environment.

Affected Version(s)

PeopleSoft Enterprise PT PeopleTools 8.58

PeopleSoft Enterprise PT PeopleTools 8.59

PeopleSoft Enterprise PT PeopleTools 8.60

References

https://www.oracle.com/security-alerts/cpuapr2023.html

vendor-advisory

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Dec 17, 2022