CVE-2020-2602

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PeopleTools versions 8.56 and 8.57

Description The vulnerability in the Tree Manager component of PeopleSoft Enterprise PeopleTools is due to inadequate access control. Exploitation of this issue can allow an attacker to modify, add, or delete data, or gain unauthorized access to protected information via the HTTP protocol. Successful attacks require human interaction and can significantly impact additional products, resulting in unauthorized access to some data and unauthorized read access to a subset of accessible data.

Recommendations For versions 8.56 and 8.57, apply the necessary patches or updates to fix the vulnerability in the Tree Manager component. As a temporary workaround, consider restricting access to the Tree Manager component to minimize the risk of exploitation.