CVE-2022-21359

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PeopleTools versions 8.57 through 8.59

Description The issue exists due to insufficient input validation in the Optimization Framework component of Oracle PeopleSoft Enterprise PeopleTools. This allows a remote attacker to gain read access to data or modify, add, or delete data using HTTP requests. Successful attacks require human interaction and may significantly impact additional products, resulting in unauthorized access to some of the accessible data.

Recommendations For versions 8.57 through 8.59, consider restricting access to the Optimization Framework component until a patch is available. As a temporary workaround, limit the use of HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.