Main Vulnerability Database Vulnerabilities #VU35960

#VU35960 Improper access control in PeopleSoft Enterprise PeopleTools - CVE-2019-2594

Published: April 23, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35960

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-2594

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
PeopleSoft Enterprise PeopleTools

Software vendor:
Oracle

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Server). Supported versions that are affected are 8.55, 8.56 and 8.57. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).

Remediation

Install update from vendor's website.

External links

http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

#VU35960 Improper access control in PeopleSoft Enterprise PeopleTools - CVE-2019-2594

Description

Remediation

External links

Please verify you're human