PT-2021-1790 · Oracle · Peoplesoft Enterprise Peopletools

Published

2021-01-20

Updated

2021-01-26

CVE-2021-2043

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise PeopleTools versions 8.56 through 8.58

Description: The issue exists due to insufficient input validation in the Portal component of PeopleSoft Enterprise PeopleTools. This allows a remote attacker to gain read access to data or modify, add, or delete data using specially crafted HTTP requests. Successful attacks require human interaction and may significantly impact additional products, resulting in unauthorized access to some of the accessible data.

Recommendations: For versions 8.56 through 8.58, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2021-00511

CVE-2021-2043

Affected Products

Peoplesoft Enterprise Peopletools

PT-2021-1790 · Oracle · Peoplesoft Enterprise Peopletools

CVE-2021-2043

Weakness Enumeration

Related Identifiers

Affected Products

References · 6