PT-2019-1948 · Oracle · Peoplesoft Enterprise Peopletools

Published: 2019-04-16 · Updated: 2020-08-24 · CVE-2019-2598

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

PeopleSoft Enterprise PeopleTools versions 8.55 through 8.57

Description

The issue is related to insufficient access controls in a subcomponent of PeopleSoft Enterprise PeopleTools, specifically the SQR component. This can be exploited by a remote attacker to gain unauthorized access to modify, add, or delete data using the HTTP protocol. Successful attacks can result in unauthorized access to critical data or complete access to all accessible data within PeopleSoft Enterprise PeopleTools.

Recommendations

For versions 8.55 through 8.57, consider restricting access to the SQR subcomponent until a patch is available to prevent potential exploitation. Additionally, review and enforce strict access controls and privileges for all users interacting with PeopleSoft Enterprise PeopleTools to minimize the risk of unauthorized data modification or access.

Fix


Weakness Enumeration

Related Identifiers

BDU:2019-01617
CVE-2019-2598

Affected Products

Peoplesoft Enterprise Peopletools