CVE-2023-22047

2023-07-1821:15:14

CWE-306

[email protected]

web.nvd.nist.gov

cve-2023-22047

oracle peoplesoft

enterprise peopletools

portal

vulnerability

unauthorized access

network access

http

cvss 3.1

confidentiality impacts

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.4%

JSON

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected configurations

Nvd

Node

oraclepeoplesoft_enterpriseMatch8.59

oraclepeoplesoft_enterpriseMatch8.60

VendorProductVersionCPE
oraclepeoplesoft_enterprise8.59cpe:2.3:a:oracle:peoplesoft_enterprise:8.59:*:*:*:*:*:*:*
oraclepeoplesoft_enterprise8.60cpe:2.3:a:oracle:peoplesoft_enterprise:8.60:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	peoplesoft_enterprise	8.59	cpe:2.3:a:oracle:peoplesoft_enterprise:8.59:::::::*
oracle	peoplesoft_enterprise	8.60	cpe:2.3:a:oracle:peoplesoft_enterprise:8.60:::::::*