CVE-2023-22047

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Link Resource
https://www.oracle.com/security-alerts/cpujul2023.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:peoplesoft_enterprise:8.59:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise:8.60:*:*:*:*:*:*:*

History

13 Sep 2024, 17:35

Type Values Removed Values Added
CWE CWE-306

27 Jul 2023, 17:34

Type Values Removed Values Added
First Time Oracle
Oracle peoplesoft Enterprise
CWE NVD-CWE-noinfo
References (MISC) https://www.oracle.com/security-alerts/cpujul2023.html - (MISC) https://www.oracle.com/security-alerts/cpujul2023.html - Patch, Vendor Advisory
CPE cpe:2.3:a:oracle:peoplesoft_enterprise:8.60:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise:8.59:*:*:*:*:*:*:*

18 Jul 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-18 21:15

Updated : 2024-09-13 17:35


NVD link : CVE-2023-22047

Mitre link : CVE-2023-22047

CVE.ORG link : CVE-2023-22047


JSON object : View

Products Affected

oracle

  • peoplesoft_enterprise
CWE
NVD-CWE-noinfo CWE-306

Missing Authentication for Critical Function