cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-21563,https://securityvulnerability.io/vulnerability/CVE-2025-21563,Vulnerability in Oracle PeopleSoft Enterprise CC Run Control Management,"A vulnerability has been identified in the Run Control Management component of Oracle PeopleSoft Enterprise CC Common Application Objects, which could allow a low-privileged attacker with network access via HTTP to manipulate the application. This exploitation can lead to unauthorized updates, inserts, or deletions of data within some application objects, impacting the integrity of the data being processed.",Oracle,Peoplesoft Enterprise Cc Common Application Objects,4.3,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:21.250Z,0
CVE-2025-21562,https://securityvulnerability.io/vulnerability/CVE-2025-21562,Low Privilege Vulnerability in Oracle PeopleSoft Enterprise CC Application,"A vulnerability exists in Oracle People's PeopleSoft Enterprise CC Common Application Objects, specifically in the Run Control Management component. This flaw allows low-privileged attackers with network access via HTTP to exploit the system. Successful exploitation can lead to unauthorized read access to a portion of the accessible data within the PeopleSoft system, which can have implications for data confidentiality. Consequently, organizations using this version should take measures to mitigate potential breaches and secure their applications.",Oracle,Peoplesoft Enterprise Cc Common Application Objects,4.3,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:20.855Z,0
CVE-2025-21561,https://securityvulnerability.io/vulnerability/CVE-2025-21561,Vulnerability in Oracle PeopleSoft Enterprise SCM Purchasing 9.2,"A vulnerability exists in Oracle PeopleSoft Enterprise SCM Purchasing 9.2 that allows low privileged attackers with network access via HTTP to manipulate accessible data. This flaw can lead to unauthorized updates, insertions, or deletions, as well as unauthorized read access to a subset of data within the system. The issue arises from improper access controls, making it easy for attackers to exploit the system and potentially compromise data integrity and confidentiality.",Oracle,Peoplesoft Enterprise Scm Purchasing,5.4,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:20.489Z,0
CVE-2025-21545,https://securityvulnerability.io/vulnerability/CVE-2025-21545,Remote Denial of Service Vulnerability in Oracle PeopleSoft Enterprise PeopleTools,"An exploitable vulnerability exists in the OpenSearch component of Oracle PeopleSoft Enterprise PeopleTools, affecting versions 8.60 and 8.61. This flaw enables unauthenticated attackers to gain network access via HTTP, potentially leading to a denial of service. Attackers can leverage this vulnerability to disrupt service, causing frequent crashes or system hangs without any authentication requirement.",Oracle,Peoplesoft Enterprise Peopletools,7.5,HIGH,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:14.338Z,0
CVE-2025-21539,https://securityvulnerability.io/vulnerability/CVE-2025-21539,Vulnerability in Oracle PeopleSoft Enterprise FIN eSettlements Product,"A security issue exists in Oracle's PeopleSoft Enterprise FIN eSettlements product. This vulnerability is easily exploitable, permitting a low-privileged attacker with network access via HTTP to compromise the system. Successful exploitation can lead to unauthorized updates, insertions, and deletions of data, along with unauthorized reading of sensitive information within PeopleSoft Enterprise FIN eSettlements. Organizations using the affected version, 9.2, should take prompt action to secure their systems against this threat.",Oracle,Peoplesoft Enterprise Fin Esettlements,5.4,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:11.916Z,0
CVE-2025-21537,https://securityvulnerability.io/vulnerability/CVE-2025-21537,SQL Injection Vulnerability in Oracle PeopleSoft Cash Management,"A SQL Injection vulnerability exists in the Oracle PeopleSoft Enterprise FIN Cash Management product affecting version 9.2. This flaw can be exploited by low-privileged attackers with network access via HTTP, allowing unauthorized manipulation of data. Successful exploitation could lead to unauthorized updates, insertions, deletions, and reading of sensitive data, compromising both confidentiality and integrity within the application. Organizations using this version are advised to apply security patches promptly to safeguard against potential breaches.",Oracle,Peoplesoft Enterprise Fin Cash Management,5.4,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:11.110Z,0
CVE-2025-21530,https://securityvulnerability.io/vulnerability/CVE-2025-21530,Unauthorized Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools,An exploitable vulnerability exists in Oracle's PeopleSoft Enterprise PeopleTools that may allow a low-privileged attacker with network access via HTTP to gain unauthorized read access to sensitive data. Affected versions include 8.60 and 8.61. Mitigating this vulnerability is essential to protect access-controlled information from unauthorized visibility.,Oracle,Peoplesoft Enterprise Peopletools,4.3,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:08.312Z,0
CVE-2024-21286,https://securityvulnerability.io/vulnerability/CVE-2024-21286,Unauthorized Access to Sensitive Data in PeopleSoft ELM,"A vulnerability exists in the PeopleSoft Enterprise ELM product from Oracle, specifically affecting version 9.2. This security issue allows an attacker with low privileges and network access via HTTP to potentially compromise the Enterprise Learning Management system. Although the exploit requires human interaction from another person, the implications extend beyond the immediate product, possibly affecting additional systems. Successful exploitation could lead to unauthorized access, allowing the attacker to update, insert, or delete data and gain unauthorized read access to certain datasets within PeopleSoft Enterprise ELM. Organizations relying on this software need to take proactive measures to mitigate risks associated with this vulnerability.",Oracle,Peoplesoft Enterprise Elm Enterprise Learning Management,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-10-15T19:53:03.774Z,0
CVE-2024-21283,https://securityvulnerability.io/vulnerability/CVE-2024-21283,Vulnerability in Oracle PeopleSoft Global Payroll Core,"A critical vulnerability has been identified in Oracle's PeopleSoft Enterprise HCM Global Payroll Core product, specifically within the Global Payroll for Core component. This vulnerability impacts versions 9.2.48 through 9.2.50 and allows attackers with low-level privileges and network access via HTTP to exploit it. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data. Attackers could potentially gain complete access to all data within the PeopleSoft Enterprise HCM Global Payroll Core, jeopardizing the integrity and confidentiality of sensitive information. Organizations using the affected versions should prioritize applying the necessary patches to safeguard against these risks.",Oracle,Peoplesoft Enterprise Hcm Global Payroll Core,8.1,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2024-10-15T19:53:02.811Z,0
CVE-2024-21264,https://securityvulnerability.io/vulnerability/CVE-2024-21264,Low-privileged attacker can compromise data in PeopleSoft Enterprise CC Common Application Objects,"Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data as well as  unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",Oracle,Peoplesoft Enterprise Cc Common Application Objects,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-10-15T19:52:55.591Z,0
CVE-2024-21255,https://securityvulnerability.io/vulnerability/CVE-2024-21255,PeopleSoft Enterprise PeopleTools Vulnerability,"This vulnerability in the PeopleSoft Enterprise PeopleTools software, specifically within the XMLPublisher component, presents a significant risk to users. It allows attackers with low privileges, who can access the network via HTTP, to exploit the system. Successful exploitation can lead to the complete takeover of the PeopleSoft Enterprise PeopleTools application, jeopardizing the confidentiality, integrity, and availability of sensitive data processed within the system. Supported versions affected by this vulnerability include 8.59, 8.60, and 8.61. Organizations using these versions should prioritize applying patches and mitigating exposure to protect their systems.",Oracle,Peoplesoft Enterprise Peopletools,8.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2024-10-15T19:52:52.972Z,0
CVE-2024-21249,https://securityvulnerability.io/vulnerability/CVE-2024-21249,Vulnerability in PeopleSoft Enterprise FIN Expenses Could Lead to Unauthorized Data Access,Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Expenses.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of PeopleSoft Enterprise FIN Expenses accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,Oracle,Peoplesoft Enterprise Fin Expenses,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-10-15T19:52:51.089Z,0
CVE-2024-21214,https://securityvulnerability.io/vulnerability/CVE-2024-21214,Query Vulnerability in Oracle PeopleSoft Enterprise PeopleTools,"A vulnerability exists in the Oracle PeopleSoft Enterprise PeopleTools product, specifically within the Query component. This vulnerability is present in supported versions 8.59, 8.60, and 8.61 and can be easily exploited by a low privileged attacker with network access via HTTP. Exploitation may lead to unauthorized creation, deletion, or modification of critical data. Additionally, attackers could gain unauthorized access to all data accessible within PeopleSoft Enterprise PeopleTools, raising serious concerns regarding confidentiality and integrity of sensitive information.",Oracle,Peoplesoft Enterprise Peopletools,8.1,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2024-10-15T19:52:42.872Z,0
CVE-2024-21202,https://securityvulnerability.io/vulnerability/CVE-2024-21202,Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Affects Multiple Versions,"The vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows unauthenticated attackers with access via HTTP to exploit the system. It affects the supported versions 8.59, 8.60, and 8.61. Exploitation requires human interaction from another individual, enabling unauthorized access, modifications, or deletions of data within PeopleSoft. Additionally, attackers may gain unauthorized read access to some data. This vulnerability implies that even while it specifically resides within PeopleSoft Enterprise PeopleTools, the implications could extend to other associated products, highlighting the need for immediate patching and security measures.",Oracle,Peoplesoft Enterprise Peopletools,6.1,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-10-15T19:52:38.756Z,0
CVE-2024-21158,https://securityvulnerability.io/vulnerability/CVE-2024-21158,Vulnerability in PeopleSoft Enterprise PeopleTools Could Lead to Data Access,"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).  Supported versions that are affected are 8.59, 8.60 and  8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools.  While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as  unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).",Oracle PeopleSoft,Peoplesoft Enterprise Peopletools,6.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2024-21154,https://securityvulnerability.io/vulnerability/CVE-2024-21154,Vulnerability in PeopleSoft Enterprise HCM Human Resources by Oracle,"This vulnerability exists in Oracle's PeopleSoft Enterprise HCM Human Resources product, allowing low-privileged attackers with network access through HTTP to potentially gain unauthorized read access to sensitive data. The supported version affected is 9.2, making it crucial for organizations to patch this vulnerability to protect their data integrity and confidentiality.",Oracle,Peoplesoft Enterprise Hcm Human Resources,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2024-21122,https://securityvulnerability.io/vulnerability/CVE-2024-21122,Vulnerability in Oracle PeopleSoft Enterprise HCM Shared Components,"A vulnerability exists in the Oracle PeopleSoft Enterprise HCM Shared Components, specifically within the Text Catalog component. This flaw allows a low-privileged attacker with network access to exploit the system, impacting the integrity and confidentiality of accessed data. While a successful exploit demands human interaction from an uninvolved party, the consequences can extend beyond the immediate product, potentially affecting other associated applications. Exploits may result in unauthorized modifications, deletions, or readings of sensitive data stored within the PeopleSoft environment.",Oracle,Peoplesoft Enterprise Hcm Shared Components,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2024-21178,https://securityvulnerability.io/vulnerability/CVE-2024-21178,Unauthorized Access to Data in PeopleSoft Enterprise PeopleTools Could Occur via HTTP,"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).  Supported versions that are affected are 8.59, 8.60 and  8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as  unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Peoplesoft Enterprise Pt Peopletools,6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2024-21180,https://securityvulnerability.io/vulnerability/CVE-2024-21180,Vulnerability in PeopleSoft Enterprise PeopleTools Could Lead to Unauthorized Data Access,"A vulnerability exists within the OpenSearch Dashboards component of Oracle's PeopleSoft Enterprise PeopleTools. It affects versions 8.59, 8.60, and 8.61 and can be exploited by low-privileged attackers who have network access via HTTP. This exploitation requires human interaction from someone other than the attacker and can lead to unauthorized read access to certain data within PeopleSoft Enterprise PeopleTools. The implications of this vulnerability extend beyond PeopleTools, potentially affecting other products as the scope may change. Organizations utilizing Oracle PeopleSoft should assess their systems to mitigate the risks associated with this vulnerability.",Oracle,Peoplesoft Enterprise Pt Peopletools,4.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2024-21097,https://securityvulnerability.io/vulnerability/CVE-2024-21097,Security Flaw in Oracle PeopleSoft Enterprise Tools Affecting Multiple Versions,"A security vulnerability has been identified in Oracle's PeopleSoft Enterprise PeopleTools affecting the Security component. This flaw allows attackers with high privileges and network access via HTTP to potentially compromise the affected systems. Notably, versions 8.59, 8.60, and 8.61 are susceptible to exploitation. Successful exploitation could result in unauthorized access to sensitive data, posing a significant risk to organizational data integrity. It is imperative for users of these affected versions to implement security patches and follow best practices to mitigate any risks associated with this vulnerability. For detailed information, please refer to the official Oracle advisory.",Oracle,Peoplesoft Enterprise Peopletools,4.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-16T22:15:00.000Z,0
CVE-2024-21070,https://securityvulnerability.io/vulnerability/CVE-2024-21070,Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Search Framework,"An improper authentication vulnerability exists in the PeopleSoft Enterprise PeopleTools product, specifically within its Search Framework component. This flaw can be exploited by unauthenticated attackers with network access via HTTP. Although the exploitation requires human interaction from a user other than the attacker, successful exploitation could lead to unauthorized modifications, including updates, inserts, or deletions of accessible data. Additionally, this vulnerability may enable unauthorized read access to specific subsets of data within the PeopleSoft system, posing significant risks to data confidentiality and integrity.",Oracle,Peoplesoft Enterprise Peopletools,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-16T22:15:00.000Z,0
CVE-2023-22090,https://securityvulnerability.io/vulnerability/CVE-2023-22090,,Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Events & Notifications).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,Oracle,Peoplesoft Enterprise Cc Common Application Objects,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0
CVE-2023-22080,https://securityvulnerability.io/vulnerability/CVE-2023-22080,,"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology).  Supported versions that are affected are 8.59 and  8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as  unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Peoplesoft Enterprise Pt Peopletools,6.1,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0
CVE-2023-22014,https://securityvulnerability.io/vulnerability/CVE-2023-22014,Unauthorized Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Portal,"A vulnerability exists within Oracle PeopleSoft Enterprise PeopleTools Portal that could allow an unauthenticated attacker with access to the infrastructure to exploit this weakness. Successful exploitation may lead to a complete compromise of the PeopleTools environment, enabling the attacker to gain unauthorized control. Affected versions include 8.59 and 8.60, emphasizing the need for immediate investigation and remediation to protect sensitive data and ensure system integrity.",Oracle,Peoplesoft Enterprise Pt Peopletools,8.4,HIGH,0.0006099999882280827,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2023-22047,https://securityvulnerability.io/vulnerability/CVE-2023-22047,Unauthenticated Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools,"A vulnerability exists in Oracle's PeopleSoft Enterprise PeopleTools, specifically within the Portal component. This flaw can be exploited by an unauthenticated attacker with network access via HTTP, potentially leading to unauthorized access to sensitive data. Attackers can exploit this vulnerability in versions 8.59 and 8.60 of PeopleSoft Enterprise PeopleTools, thereby compromising the security integrity of the application and allowing for extensive unauthorized access to critical data resources.",Oracle,Peoplesoft Enterprise Pt Peopletools,7.5,HIGH,0.0006099999882280827,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0