PT-2021-1716 · Oracle · Peoplesoft Enterprise Fin Payables

Published

2021-01-20

Updated

2021-01-26

CVE-2021-2044

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise FIN Payables version 9.2

Description: The issue is related to insufficient input validation in the Financial Sanctions component. It allows a low-privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Payables, resulting in unauthorized access to critical data or complete access to all accessible data.

Recommendations: For version 9.2, update to a version that includes the fix for this issue, as the current version is easily exploitable and allows attackers to access critical data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2021-00406

CVE-2021-2044

Affected Products

Peoplesoft Enterprise Fin Payables

PT-2021-1716 · Oracle · Peoplesoft Enterprise Fin Payables

CVE-2021-2044

Weakness Enumeration

Related Identifiers

Affected Products

References · 6