CVE-2019-2951

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise HCM Human Resources version 9.2

Description The issue is related to inadequate access control in the US Federal Specific component of the PeopleSoft Enterprise HCM Human Resources product. This can be exploited by a remote attacker to gain unauthorized access to protected data using the HTTP protocol. The attacker, with low privileges and network access via HTTP, can compromise the PeopleSoft Enterprise HCM Human Resources, resulting in unauthorized read access to a subset of accessible data.

Recommendations For version 9.2, update to a version that includes a fix for this issue to prevent unauthorized access. As a temporary workaround, consider restricting access to the US Federal Specific component until a patch is available.