Unauthorized Access to Sensitive Data in PeopleSoft ELM
CVE-2024-21286

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Elm Enterprise Learning Management
Vendor: CVE Published:; 15 October 2024

Summary

A vulnerability exists in the PeopleSoft Enterprise ELM product from Oracle, specifically affecting version 9.2. This security issue allows an attacker with low privileges and network access via HTTP to potentially compromise the Enterprise Learning Management system. Although the exploit requires human interaction from another person, the implications extend beyond the immediate product, possibly affecting additional systems. Successful exploitation could lead to unauthorized access, allowing the attacker to update, insert, or delete data and gain unauthorized read access to certain datasets within PeopleSoft Enterprise ELM. Organizations relying on this software need to take proactive measures to mitigate risks associated with this vulnerability.

Affected Version(s)

PeopleSoft Enterprise ELM Enterprise Learning Management 9.2

References

https://www.oracle.com/security-alerts/cpuoct2024.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Dec 7, 2023

Collectors

NVD DatabaseMitre Database