CVE-2024-21070

Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise PeopleTools versions 8.59 through 8.61

Description: The vulnerability exists in the Search Framework component of PeopleSoft Enterprise PeopleTools due to insufficient input validation. It allows a remote attacker to gain read, modify, add, or delete access to data via the HTTP protocol. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some of PeopleSoft Enterprise PeopleTools accessible data, as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

Recommendations: For versions 8.59 through 8.61, consider disabling the Search Framework component until a patch is available to prevent exploitation. Restrict access to the Search Framework component to minimize the risk of unauthorized data access. Avoid using the HTTP protocol for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.