Vulnerability in PeopleSoft Enterprise HCM Human Resources by Oracle
CVE-2024-21154

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Hcm Human Resources
Vendor: CVE Published:; 16 July 2024

Summary

This vulnerability exists in Oracle's PeopleSoft Enterprise HCM Human Resources product, allowing low-privileged attackers with network access through HTTP to potentially gain unauthorized read access to sensitive data. The supported version affected is 9.2, making it crucial for organizations to patch this vulnerability to protect their data integrity and confidentiality.

Affected Version(s)

PeopleSoft Enterprise HCM Human Resources 9.2

References

https://www.oracle.com/security-alerts/cpujul2024.html

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2024