CVE-2018-3072

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft Products version 9.2

Description The issue affects the Candidate Gateway subcomponent of the PeopleSoft HRMS component, allowing an unauthenticated attacker with network access via HTTP to compromise PeopleSoft HRMS. This can result in unauthorized read access to a subset of PeopleSoft HRMS accessible data.

Recommendations For version 9.2, update to a version that includes a fix for this issue, as the current version allows unauthorized access to sensitive data.