Summaryinfo

A vulnerability classified as critical was found in Oracle PeopleSoft Enterprise PeopleTools 8.58/8.59/8.60. Affected by this vulnerability is an unknown functionality of the component Integration Broker. Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2021-37533. The attack may be performed from remote. There is no available exploit.

Detailsinfo

A vulnerability was found in Oracle PeopleSoft Enterprise PeopleTools 8.58/8.59/8.60 (Enterprise Resource Planning Software) and classified as critical. Affected by this issue is an unknown function of the component Integration Broker. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality.

The weakness was presented 04/18/2023 as Oracle Critical Patch Update Advisory - April 2023. The advisory is shared for download at oracle.com. This vulnerability is handled as CVE-2021-37533. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

A possible mitigation has been published immediately after the disclosure of the vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Enterprise Resource Planning Software

Vendor

• Oracle

Name

• PeopleSoft Enterprise PeopleTools

Version

• 8.58
• 8.59
• 8.60

License

• commercial

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion