CVE-2022-39406

Vulnerability in the PeopleSoft Enterprise Common Components product of Oracle PeopleSoft (component: Approval Framework). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise Common Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise Common Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise Common Components accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpuoct2022.html	Patch Vendor Advisory
https://www.oracle.com/security-alerts/cpuoct2022.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:peoplesoft_enterprise_common_components:9.2:*:*:*:*:*:*:*

History

21 Nov 2024, 07:18

Type	Values Removed	Values Added
References	~~() https://www.oracle.com/security-alerts/cpuoct2022.html - Patch, Vendor Advisory~~	() https://www.oracle.com/security-alerts/cpuoct2022.html - Patch, Vendor Advisory

23 Sep 2024, 18:35

Type	Values Removed	Values Added
CWE		CWE-284

Information

Published : 2022-10-18 21:15

Updated : 2024-11-21 07:18

NVD link : CVE-2022-39406

Mitre link : CVE-2022-39406

CVE.ORG link : CVE-2022-39406

JSON object : View

Products Affected

oracle

peoplesoft_enterprise_common_components

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

{"id": "CVE-2022-39406", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2022-10-18T21:15:15.120", "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise Common Components product of Oracle PeopleSoft (component: Approval Framework). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise Common Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise Common Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise Common Components accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."}, {"lang": "es", "value": "Una vulnerabilidad en el producto PeopleSoft Enterprise Common Components de Oracle PeopleSoft (componente: Approval Framework). La versi\u00f3n soportada que est\u00e1 afectada es la 9.2. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante poco privilegiado y acceso a la red por medio de HTTP comprometer PeopleSoft Enterprise Common Components. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la creaci\u00f3n no autorizada, la eliminaci\u00f3n o el acceso a la modificaci\u00f3n de los datos cr\u00edticos o de todos los datos accesibles de PeopleSoft Enterprise Common Components, as\u00ed como el acceso no autorizado a los datos cr\u00edticos o el acceso completo a todos los datos accesibles de PeopleSoft Enterprise Common Components. CVSS 3.1 Puntuaci\u00f3n Base 8.1 (impactos de Confidencialidad e Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)"}], "lastModified": "2024-11-21T07:18:13.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_common_components:9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9EACC23-85B2-4FC1-A4B5-2D229CF0CAB6"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}