Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Affects Multiple Versions
CVE-2024-21202

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Peopletools
Vendor: CVE Published:; 15 October 2024

Summary

The vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows unauthenticated attackers with access via HTTP to exploit the system. It affects the supported versions 8.59, 8.60, and 8.61. Exploitation requires human interaction from another individual, enabling unauthorized access, modifications, or deletions of data within PeopleSoft. Additionally, attackers may gain unauthorized read access to some data. This vulnerability implies that even while it specifically resides within PeopleSoft Enterprise PeopleTools, the implications could extend to other associated products, highlighting the need for immediate patching and security measures.

Affected Version(s)

PeopleSoft Enterprise PeopleTools 8.59

PeopleSoft Enterprise PeopleTools 8.60

PeopleSoft Enterprise PeopleTools 8.61

References

https://www.oracle.com/security-alerts/cpuoct2024.html

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Dec 7, 2023