CVE-2024-21178

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.60:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.61:*:*:*:*:*:*:*

History

21 Nov 2024, 08:53

Type Values Removed Values Added
References () https://www.oracle.com/security-alerts/cpujul2024.html - Vendor Advisory () https://www.oracle.com/security-alerts/cpujul2024.html - Vendor Advisory

19 Jul 2024, 13:36

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto PeopleSoft Enterprise PeopleTools de Oracle PeopleSoft (componente: Portal). Las versiones compatibles que se ven afectadas son 8.59, 8.60 y 8.61. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer PeopleSoft Enterprise PeopleTools. Los ataques exitosos requieren la interacción humana de una persona distinta del atacante y, si bien la vulnerabilidad está en PeopleSoft Enterprise PeopleTools, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserción o eliminación de algunos de los datos accesibles de PeopleSoft Enterprise PeopleTools, así como acceso de lectura no autorizado a un subconjunto de datos accesibles de PeopleSoft Enterprise PeopleTools. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
CWE CWE-79
References () https://www.oracle.com/security-alerts/cpujul2024.html - () https://www.oracle.com/security-alerts/cpujul2024.html - Vendor Advisory
First Time Oracle peoplesoft Enterprise Peopletools
Oracle
CPE cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.60:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.61:*:*:*:*:*:*:*

16 Jul 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-16 23:15

Updated : 2024-11-21 08:53


NVD link : CVE-2024-21178

Mitre link : CVE-2024-21178

CVE.ORG link : CVE-2024-21178


JSON object : View

Products Affected

oracle

  • peoplesoft_enterprise_peopletools
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')