Lucene search

OracleVULNRICHMENT:CVE-2021-2377

HistoryJul 20, 2021 - 10:43 p.m.

CVE-2021-2377

2021-07-2022:43:53

oracle

github.com

cve-2021-2377

peoplesoft enterprise peopletools

oracle peoplesoft

sqr

vulnerability

unauthorized access

cvss 3.1

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

References

www.oracle.com/security-alerts/cpujul2021.html

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2021-2377