PT-2024-7459 · Oracle · PeopleSoft Enterprise HCM Human Resources

Published: 2024-07-16 · Updated: 2024-11-05 · CVE-2024-21154

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise HCM Human Resources version 9.2
Description: The issue exists due to insufficient input validation in the Human Resources component of PeopleSoft Enterprise HCM Human Resources. This allows a remote attacker to gain unauthorized access to protected information. Successful exploitation can result in unauthorized read access to a subset of accessible data.
Recommendations: For version 9.2, update the software to a version that includes the necessary security patches to address the insufficient input validation issue. As a temporary workaround, consider restricting access to the Human Resources component to minimize the risk of exploitation.

Fix

XSS

RCE


Weakness Enumeration

Related Identifiers

BDU:2024-08839
CVE-2024-21154

Affected Products

PeopleSoft Enterprise HCM Human Resources