Vulnerability in PeopleSoft Enterprise PeopleTools Could Lead to Unauthorized Data Access
CVE-2024-21180

4.1MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Pt Peopletools
Vendor: CVE Published:; 16 July 2024

Summary

A vulnerability exists within the OpenSearch Dashboards component of Oracle's PeopleSoft Enterprise PeopleTools. It affects versions 8.59, 8.60, and 8.61 and can be exploited by low-privileged attackers who have network access via HTTP. This exploitation requires human interaction from someone other than the attacker and can lead to unauthorized read access to certain data within PeopleSoft Enterprise PeopleTools. The implications of this vulnerability extend beyond PeopleTools, potentially affecting other products as the scope may change. Organizations utilizing Oracle PeopleSoft should assess their systems to mitigate the risks associated with this vulnerability.

Affected Version(s)

PeopleSoft Enterprise PT PeopleTools 8.59

PeopleSoft Enterprise PT PeopleTools 8.60

PeopleSoft Enterprise PT PeopleTools 8.61

References

https://www.oracle.com/security-alerts/cpujul2024.html

vendor-advisory

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 16, 2024