Lucene search

K
cve[email protected]CVE-2017-3577
HistoryApr 24, 2017 - 7:59 p.m.

CVE-2017-3577

2017-04-2419:59:05
web.nvd.nist.gov
28
vulnerability
peoplesoft
enterprise
cs
campus community
oracle
products
frameworks
cve-2017-3577
exploit
data compromise
high privileged attacker
security
nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). The supported version that is affected is 9.2. Easily “exploitable” vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CS Campus Community accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).

Affected configurations

Vulners
NVD
Node
oraclepeoplesoft_enterprise_cs_campus_communityRange9.2
VendorProductVersionCPE
oraclepeoplesoft_enterprise_cs_campus_community*cpe:2.3:a:oracle:peoplesoft_enterprise_cs_campus_community:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "PeopleSoft Enterprise CS Campus Community",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "9.2"
      }
    ]
  }
]

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

Related for CVE-2017-3577