Oracle PeopleSoft Enterprise PeopleTools 8.56/8.57/8.58 Multichannel Framework unknown vulnerability

A vulnerability, which was classified as critical, has been found in Oracle PeopleSoft Enterprise PeopleTools 8.56/8.57/8.58 (Enterprise Resource Planning Software). This issue affects an unknown function of the component Multichannel Framework. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

130
022

Field

vulnerability_cvss3_meta_tempscore2
vulnerability_cvss3_vuldb_tempscore2
vulnerability_cvss2_vuldb_tempscore2
vulnerability_cvss2_nvd_basescore1
source_cve_cna1

Commit Conf

90%33
50%10
70%9

Approve Conf

90%33
80%10
70%9
IDCommitedUserFieldChangeRemarksAcceptedReasonC
1118338504/26/2021VulD...cvss2_nvd_basescore5.8nist.gov04/26/2021accepted
90
1118338404/26/2021VulD...cve_cnaOraclenvd.nist.gov04/26/2021accepted
70
1118338304/26/2021VulD...cvss2_nvd_aiNnvd.nist.gov04/26/2021accepted
70
1118338204/26/2021VulD...cvss2_nvd_iiPnvd.nist.gov04/26/2021accepted
70
1118338104/26/2021VulD...cvss2_nvd_ciPnvd.nist.gov04/26/2021accepted
70
1118338004/26/2021VulD...cvss2_nvd_auNnvd.nist.gov04/26/2021accepted
70
1118337904/26/2021VulD...cvss2_nvd_acMnvd.nist.gov04/26/2021accepted
70
1118337804/26/2021VulD...cvss2_nvd_avNnvd.nist.gov04/26/2021accepted
70
1118337704/26/2021VulD...cvss3_meta_tempscore5.8see CVSS documentation04/26/2021accepted
90
1118337604/26/2021VulD...cvss3_vuldb_tempscore5.8see CVSS documentation04/26/2021accepted
90
1118337504/26/2021VulD...cvss2_vuldb_tempscore5.6see CVSS documentation04/26/2021accepted
90
1118337404/26/2021VulD...cve_nvd_summaryVulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Multichannel Framework). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).cve.mitre.org04/26/2021accepted
70
1118337304/26/2021VulD...cve_assigned1607468400cve.mitre.org04/26/2021accepted
70
1116924204/23/2021VulD...price_0day$5k-$25ksee exploit price documentation04/23/2021accepted
90
1116924104/23/2021VulD...cvss3_meta_tempscore6.1see CVSS documentation04/23/2021accepted
90
1116924004/23/2021VulD...cvss3_meta_basescore6.1see CVSS documentation04/23/2021accepted
90
1116923904/23/2021VulD...cvss3_vuldb_tempscore6.1see CVSS documentation04/23/2021accepted
90
1116923804/23/2021VulD...cvss3_vuldb_basescore6.1see CVSS documentation04/23/2021accepted
90
1116923704/23/2021VulD...cvss2_vuldb_tempscore6.4see CVSS documentation04/23/2021accepted
90
1116923604/23/2021VulD...cvss2_vuldb_basescore6.4see CVSS documentation04/23/2021accepted
90

32 more entries are not shown

Want to stay up to date on a daily basis?

Enable the mail alert feature now!