Lucene search

OracleCVELIST:CVE-2022-21300

HistoryJan 19, 2022 - 11:23 a.m.

CVE-2022-21300

2022-01-1911:23:45

oracle

www.cve.org

vulnerability

oracle peoplesoft

enterprise cs sa

integration pack

9.0

9.2

http

unauthenticated attacker

unauthorized access

critical data

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

54.7%

JSON

Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack product of Oracle PeopleSoft (component: Snapshot Integration). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS SA Integration Pack. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS SA Integration Pack accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CNA Affected

[
  {
    "product": "PeopleSoft Enterprise CS SA Integration Pack",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "9.0"
      },
      {
        "status": "affected",
        "version": "9.2"
      }
    ]
  }
]

References

www.oracle.com/security-alerts/cpujan2022.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

54.7%

JSON

Related for CVELIST:CVE-2022-21300