CVE-2020-2598

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PeopleTools versions 8.56 through 8.57

Description The issue is related to inadequate access control in the Activity Guide component of PeopleSoft Enterprise PeopleTools, allowing a remote attacker to modify, add, or delete data, or gain unauthorized access to protected information. Successful attacks require human interaction and can significantly impact additional products, resulting in unauthorized access to some data as well as unauthorized read access to a subset of accessible data.

Recommendations For versions 8.56 and 8.57, consider restricting access to the Activity Guide component until a patch is available. As a temporary workaround, limit the use of the affected component to minimize the risk of exploitation. Avoid using the vulnerable component in a way that could allow unauthorized access or modifications to sensitive data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.