A vulnerability was found in Oracle PeopleSoft Enterprise HCM 9.1/9.2 (Enterprise Resource Planning Software). It has been classified as critical. Affected is an unknown code block of the component Fusion HR Talent Integration. The manipulation with an unknown input leads to a information disclosure vulnerability. CWE is classifying the issue as CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. This is going to have an impact on confidentiality. CVE summarizes:

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Fusion HR Talent Integration.

The weakness was released 04/19/2016 as Oracle Critical Patch Update Advisory - April 2016 as confirmed advisory (Website). The advisory is available at oracle.com. This vulnerability is traded as CVE-2016-0407 since 12/09/2015. The exploitability is told to be easy. It is possible to launch the attack remotely. The requirement for exploitation is a authentication. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1592 by the MITRE ATT&CK project.

Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Entries connected to this vulnerability are available at 12776, 78153, 82623 and 82615.

Productinfo

Type

• Enterprise Resource Planning Software

Vendor

• Oracle

Name

• PeopleSoft Enterprise HCM

Version

• 9.1
• 9.2

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion