Oracle PeopleSoft Enterprise PeopleTools 8.56/8.57/8.58 Multichannel Framework okänd sårbarhet

En kritiskt svag punkt upptäcktes i Oracle PeopleSoft Enterprise PeopleTools 8.56/8.57/8.58 (Enterprise Resource Planning Software). Som påverkar en okänd funktion av komponenten Multichannel Framework. En uppgradering att åtgärda problemet. En möjlig åtgärd har utfärdats omedelbart efter offentliggörandet.

Fält23/04/2021 06:4026/04/2021 13:2826/04/2021 13:30
vendorOracleOracleOracle
namePeopleSoft Enterprise PeopleToolsPeopleSoft Enterprise PeopleToolsPeopleSoft Enterprise PeopleTools
cveCVE-2021-2216CVE-2021-2216CVE-2021-2216
componentMultichannel FrameworkMultichannel FrameworkMultichannel Framework
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiRRR
cvss3_vuldb_sCCC
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_vuldb_rcCCC
cvss3_vuldb_rlOOO
version8.56/8.57/8.588.56/8.57/8.588.56/8.57/8.58
urlhttps://www.oracle.com/security-alerts/cpuapr2021.htmlhttps://www.oracle.com/security-alerts/cpuapr2021.htmlhttps://www.oracle.com/security-alerts/cpuapr2021.html
date1618956000 (21/04/2021)1618956000 (21/04/2021)1618956000 (21/04/2021)
date1618956000 (21/04/2021)1618956000 (21/04/2021)1618956000 (21/04/2021)
identifierOracle Critical Patch Update Advisory - April 2021Oracle Critical Patch Update Advisory - April 2021Oracle Critical Patch Update Advisory - April 2021
nameUpgradeUpgradeUpgrade
typeEnterprise Resource Planning SoftwareEnterprise Resource Planning SoftwareEnterprise Resource Planning Software
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore6.46.46.4
cvss2_vuldb_tempscore6.45.65.6
cvss3_vuldb_basescore6.16.16.1
cvss3_vuldb_tempscore6.15.85.8
cvss3_meta_basescore6.16.16.1
cvss3_meta_tempscore6.15.85.8
price_0day$5k-$25k$5k-$25k$5k-$25k
cve_assigned1607468400 (09/12/2020)1607468400 (09/12/2020)
cve_nvd_summaryVulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Multichannel Framework). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Multichannel Framework). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
cvss2_nvd_avN
cvss2_nvd_acM
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiN
cve_cnaOracle
cvss2_nvd_basescore5.8

Want to stay up to date on a daily basis?

Enable the mail alert feature now!