PT-2020-2576 · Oracle · PeopleSoft Enterprise PeopleTools

Tarun Sehgal · Published 2020-04-14 · Updated 2020-04-16 · CVE-2020-2782

CVSS v3.1: 7.1 High

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

PeopleSoft Enterprise PeopleTools versions 8.56 through 8.58

Description

The issue is related to insufficient access controls in the Query component of Oracle PeopleSoft Enterprise PeopleTools. It can be exploited by a remote attacker to cause a denial of service or gain unauthorized access to protected information via the HTTP protocol. Successful attacks may require human interaction and can significantly impact additional products, resulting in unauthorized access to data, including update, insert, or delete access, as well as read access to a subset of data. The vulnerability can also lead to a partial denial of service.

Recommendations

For versions 8.56 through 8.58, consider restricting access to the Query component until a patch is available to prevent unauthorized access and denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2020-02610
CVE-2020-2782

Affected Products

PeopleSoft Enterprise PeopleTools