CVE-2020-2912

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise CS Campus Community version 9.2

Description The issue is related to insufficient access control in the Self-Service component of the PeopleSoft Enterprise CS Campus Community product. It allows a low-privileged attacker with network access via HTTP to compromise the system, potentially leading to unauthorized read access to a subset of accessible data. Although the vulnerability is in PeopleSoft Enterprise CS Campus Community, successful attacks may have a significant impact on additional products.

Recommendations For version 9.2, consider restricting access to the Self-Service component until a fix is available. As a temporary workaround, limit the use of HTTP protocol for sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.