CVE-2021-35606

Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Notification Framework). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the PeopleSoft Enterprise CS Campus Community executes to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

CVSS v3 5.7 MEDIUM
CVSS v2.0 2.7 LOW

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.7^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 5.1 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:peoplesoft_enterprise_cs_campus_community:9.0:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_cs_campus_community:9.2:::::::*

History

No history.

Information

Published : 2021-10-20 11:17

Updated : 2024-02-28 18:48

NVD link : CVE-2021-35606

Mitre link : CVE-2021-35606

CVE.ORG link : CVE-2021-35606

JSON object : View

Products Affected

oracle

peoplesoft_enterprise_cs_campus_community

CWE

NVD-CWE-noinfo

{"id": "CVE-2021-35606", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}, {"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2021-10-20T11:17:06.477", "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Notification Framework). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the PeopleSoft Enterprise CS Campus Community executes to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."}, {"lang": "es", "value": "Una vulnerabilidad en el producto PeopleSoft Enterprise CS Campus Community de Oracle PeopleSoft (componente: Notification Framework). Las versiones compatibles que est\u00e1n afectadas son 9.0 y la 9.2. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante poco privilegiado que tenga acceso al segmento de comunicaci\u00f3n f\u00edsico conectado al hardware donde se ejecuta PeopleSoft Enterprise CS Campus Community, comprometer PeopleSoft Enterprise CS Campus Community. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o el acceso completo a todos los datos accesibles de PeopleSoft Enterprise CS Campus Community. CVSS 3.1 Puntuaci\u00f3n Base 5.7 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)"}], "lastModified": "2021-10-26T17:21:52.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_cs_campus_community:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01A66732-1608-481B-8502-62721209E771"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_cs_campus_community:9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFD83677-632A-4DB2-8363-62DBFFDCECE4"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}