cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21178,https://securityvulnerability.io/vulnerability/CVE-2024-21178,Unauthorized Access to Data in PeopleSoft Enterprise PeopleTools Could Occur via HTTP,"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).  Supported versions that are affected are 8.59, 8.60 and  8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as  unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Peoplesoft Enterprise Pt Peopletools,6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2024-21180,https://securityvulnerability.io/vulnerability/CVE-2024-21180,Vulnerability in PeopleSoft Enterprise PeopleTools Could Lead to Unauthorized Data Access,"A vulnerability exists within the OpenSearch Dashboards component of Oracle's PeopleSoft Enterprise PeopleTools. It affects versions 8.59, 8.60, and 8.61 and can be exploited by low-privileged attackers who have network access via HTTP. This exploitation requires human interaction from someone other than the attacker and can lead to unauthorized read access to certain data within PeopleSoft Enterprise PeopleTools. The implications of this vulnerability extend beyond PeopleTools, potentially affecting other products as the scope may change. Organizations utilizing Oracle PeopleSoft should assess their systems to mitigate the risks associated with this vulnerability.",Oracle,Peoplesoft Enterprise Pt Peopletools,4.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2023-22080,https://securityvulnerability.io/vulnerability/CVE-2023-22080,Vulnerability in PeopleSoft Enterprise PeopleTools by Oracle,"This vulnerability in Oracle's PeopleSoft Enterprise PeopleTools component, specifically affecting versions 8.59 and 8.60, allows unauthenticated attackers to compromise the system via HTTP. Exploitation requires human interaction from a third-party user, potentially leading to unauthorized data modifications such as updates, inserts, or deletions, as well as read access to sensitive information within PeopleSoft. The implications may extend beyond the core product, affecting various interlinked systems and increasing the overall risk to organizational data security.",Oracle,Peoplesoft Enterprise Pt Peopletools,6.1,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2023-22014,https://securityvulnerability.io/vulnerability/CVE-2023-22014,Unauthorized Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Portal,"A vulnerability exists within Oracle PeopleSoft Enterprise PeopleTools Portal that could allow an unauthenticated attacker with access to the infrastructure to exploit this weakness. Successful exploitation may lead to a complete compromise of the PeopleTools environment, enabling the attacker to gain unauthorized control. Affected versions include 8.59 and 8.60, emphasizing the need for immediate investigation and remediation to protect sensitive data and ensure system integrity.",Oracle,Peoplesoft Enterprise Pt Peopletools,8.4,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-22047,https://securityvulnerability.io/vulnerability/CVE-2023-22047,Unauthenticated Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools,"A vulnerability exists in Oracle's PeopleSoft Enterprise PeopleTools, specifically within the Portal component. This flaw can be exploited by an unauthenticated attacker with network access via HTTP, potentially leading to unauthorized access to sensitive data. Attackers can exploit this vulnerability in versions 8.59 and 8.60 of PeopleSoft Enterprise PeopleTools, thereby compromising the security integrity of the application and allowing for extensive unauthorized access to critical data resources.",Oracle,Peoplesoft Enterprise Pt Peopletools,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-21981,https://securityvulnerability.io/vulnerability/CVE-2023-21981,Vulnerability in Elastic Search Component of PeopleSoft Enterprise by Oracle,"A vulnerability exists in the Elastic Search component of the Oracle PeopleSoft Enterprise PeopleTools product. This flaw can be exploited easily by a high-privileged attacker with network access via HTTP, leading to unauthorized access to sensitive data. Affected versions include 8.58, 8.59, and 8.60. Successful exploitation may allow attackers to access critical data or potentially gain complete access to all data accessible within the PeopleSoft Enterprise environment.",Oracle,Peoplesoft Enterprise Pt Peopletools,4.9,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-04-18T20:15:00.000Z,0
CVE-2023-21916,https://securityvulnerability.io/vulnerability/CVE-2023-21916,Exploitable Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Web Server,"A security vulnerability exists in the Web Server component of Oracle's PeopleSoft Enterprise PeopleTools. This flaw allows an unauthenticated attacker with network access via HTTP to potentially compromise systems running unsupported versions 8.58, 8.59, and 8.60. Successful exploitation could lead to unauthorized read access to sensitive subsets of data, highlighting a critical need for organizations using these versions to review their configurations and enhance security measures to protect against potential intrusions.",Oracle,Peoplesoft Enterprise Pt Peopletools,5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-04-18T20:15:00.000Z,0
CVE-2023-21845,https://securityvulnerability.io/vulnerability/CVE-2023-21845,Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Panel Processor,"A security flaw exists within Oracle's PeopleSoft Enterprise PeopleTools, specifically affecting the Panel Processor component. This vulnerability makes it possible for low-privileged attackers to exploit network access via HTTP, leading to potential unauthorized actions such as updating, inserting, or deleting data. Additionally, attackers may gain unauthorized read access to certain data within PeopleSoft Enterprise PeopleTools, raising significant concerns about data confidentiality and integrity. Affected users should apply necessary security measures promptly.",Oracle,PeopleSoft Enterprise PT PeopleTools,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-01-18T00:15:00.000Z,0
CVE-2023-21844,https://securityvulnerability.io/vulnerability/CVE-2023-21844,Vulnerability in PeopleSoft Enterprise PeopleTools by Oracle affecting Elastic Search,"A vulnerability exists in Oracle's PeopleSoft Enterprise PeopleTools, specifically within the Elastic Search component. This weakness allows low-privileged attackers, with network access via HTTP, to compromise the affected system. Successful exploitation may lead to unauthorized update, insert, or delete operations on accessible data, as well as the unauthorized reading of certain data. The attack process necessitates interaction from a user, thus increasing the complexity of exploitation. This flaw potentially impacts not only PeopleTools but can also affect other connected products, as it changes the scope of a security breach.",Oracle,PeopleSoft Enterprise PT PeopleTools,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-01-18T00:15:00.000Z,0
CVE-2022-21602,https://securityvulnerability.io/vulnerability/CVE-2022-21602,Portal Vulnerability in Oracle PeopleSoft Enterprise PeopleTools,"This vulnerability in Oracle's PeopleSoft Enterprise PeopleTools pertains to its Portal component. It allows unauthenticated attackers with network access via HTTP to gain unauthorized read access to sensitive data within the system. The affected versions, 8.58, 8.59, and 8.60, could potentially allow malicious users to compromise the integrity of PeopleSoft services. Organizations using these versions should prioritize updating their systems to safeguard sensitive information from unauthorized access.",Oracle,Peoplesoft Enterprise Pt Peopletools,5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-10-18T00:00:00.000Z,0
CVE-2022-39407,https://securityvulnerability.io/vulnerability/CVE-2022-39407,Security Flaw in Oracle PeopleSoft Enterprise PeopleTools,"A vulnerability exists in Oracle's PeopleSoft Enterprise PeopleTools that could allow attackers with low privileges to gain unauthorized access to sensitive data. This issue affects supported versions 8.58, 8.59, and 8.60. If exploited, an attacker could compromise the application and potentially access all data within PeopleSoft Enterprise PeopleTools, posing significant risks to data integrity and confidentiality.",Oracle,Peoplesoft Enterprise Pt Peopletools,5.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-10-18T00:00:00.000Z,0
CVE-2022-21639,https://securityvulnerability.io/vulnerability/CVE-2022-21639,Unauthenticated Remote Code Execution in Oracle PeopleSoft Enterprise PeopleTools,"An unauthenticated vulnerability exists in Oracle's PeopleSoft Enterprise PeopleTools, specifically within the Elastic Search Integration component, that allows attackers with network access to exploit the system. Affected versions 8.59 and 8.60 permit unauthorized actions including updates, inserts, and deletions of accessible data, as well as unauthorized reading of certain data. Successful exploitation necessitates human interaction from a user other than the attacker, allowing for potential extensive impacts on additional interconnected products. Organizations are encouraged to review their configurations and apply necessary patches to mitigate risks associated with this vulnerability.",Oracle,Peoplesoft Enterprise Pt Peopletools,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-10-18T00:00:00.000Z,0
CVE-2022-21543,https://securityvulnerability.io/vulnerability/CVE-2022-21543,Unauthenticated Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools,"This vulnerability in Oracle People's PeopleTools enables unauthenticated attackers to gain access to the system through an HTTP network connection. Affected versions include PeopleSoft Enterprise PeopleTools 8.58 and 8.59. By exploiting this security flaw, an attacker can execute unauthorized operations, which may lead to a complete takeover of the PeopleSoft environment. Organizations using these versions should assess their systems for this vulnerability to prevent potential compromises.",Oracle,Peoplesoft Enterprise Pt Peopletools,9.8,CRITICAL,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-07-19T21:07:34.000Z,0
CVE-2022-21521,https://securityvulnerability.io/vulnerability/CVE-2022-21521,Unauthorized Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools,Oracle PeopleSoft Enterprise PeopleTools contains a vulnerability in the XML Publisher component that can be exploited by high privileged attackers with network access via HTTP. This flaw could lead to unauthorized access to sensitive information or full access to all data managed by PeopleSoft Enterprise PeopleTools. The exploitation of this vulnerability could significantly compromise the confidentiality of user data and system integrity.,Oracle,Peoplesoft Enterprise Pt Peopletools,4.9,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-07-19T21:07:00.000Z,0
CVE-2022-21520,https://securityvulnerability.io/vulnerability/CVE-2022-21520,Unauthenticated Network Vulnerability in Oracle PeopleSoft Enterprise PeopleTools,"A security concern exists within Oracle's PeopleSoft Enterprise PeopleTools, specifically in the Fluid Core component. The vulnerability permits an unauthenticated attacker with network access via HTTP to potentially compromise the system. Exploitation of this flaw necessitates human interaction from another individual, potentially broadening the attack's effect on various interconnected products. Successful exploitation can lead to unauthorized modifications, including the ability to update, insert, or delete data within PeopleSoft Enterprise PeopleTools, as well as unauthorized access to certain data. This highlights a significant risk to the confidentiality and integrity of accessible data.",Oracle,Peoplesoft Enterprise Pt Peopletools,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-07-19T21:06:58.000Z,0
CVE-2022-21512,https://securityvulnerability.io/vulnerability/CVE-2022-21512,Integration Broker Vulnerability in PeopleSoft Enterprise Tools by Oracle,"A vulnerability has been identified in the Integration Broker component of Oracle's PeopleSoft Enterprise PeopleTools. This issue affects the supported versions 8.58 and 8.59, allowing attackers with privileged access to exploit the system. A successful attack can grant unauthorized access to sensitive data, possibly leading to a complete compromise of all accessible data within the PeopleSoft environment. Organizations using these versions should assess their security posture to prevent potential exploitation.",Oracle,Peoplesoft Enterprise Pt Peopletools,4.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-07-19T21:06:46.000Z,0
CVE-2022-21470,https://securityvulnerability.io/vulnerability/CVE-2022-21470,Unauthenticated Access Vulnerability in PeopleSoft Enterprise PeopleTools by Oracle,"The vulnerability in Oracle's PeopleSoft Enterprise PeopleTools allows unauthenticated attackers to gain access via HTTP, leading to unauthorized modifications and access to sensitive data. This vulnerability requires interaction from a legitimate user to be executed, making it particularly dangerous as it can extend its impact to other interconnected systems. It poses a risk of unauthorized data updates, inserts, and deletions, affecting the integrity and confidentiality of the data managed by PeopleSoft.",Oracle,Peoplesoft Enterprise Pt Peopletools,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-04-19T20:38:11.000Z,0
CVE-2022-21458,https://securityvulnerability.io/vulnerability/CVE-2022-21458,Unauthenticated Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Navigation Pages,"A significant vulnerability exists within the PeopleSoft Enterprise PeopleTools, specifically affecting the Navigation Pages component. Unauthenticated attackers with network access via HTTP can exploit this flaw, allowing them to potentially manipulate accessible data. While successful exploitation requires human interaction from a third party, the consequences can be severe. Attackers may gain unauthorized update, insert, or delete capabilities for some data, alongside unauthorized read access to specific subsets of data within the affected PeopleSoft environment. This vulnerability presents a considerable risk to the integrity and confidentiality of the data managed within Oracle's PeopleTools.",Oracle,Peoplesoft Enterprise Pt Peopletools,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-04-19T20:37:52.000Z,0
CVE-2022-21456,https://securityvulnerability.io/vulnerability/CVE-2022-21456,Navigation Pages Vulnerability in Oracle PeopleSoft Enterprise PeopleTools,"The identified vulnerability in Oracle PeopleSoft Enterprise PeopleTools affects versions 8.58 and 8.59, enabling unauthenticated attackers to exploit navigation pages through HTTP. This easily exploitable flaw necessitates human interaction for an attack to be successful. While the core vulnerability resides in PeopleSoft Enterprise PeopleTools, its impact could extend to additional products due to scope changes. Successful exploitation can lead to unauthorized access, allowing attackers to update, insert, or delete sensitive data, as well as read information that should remain confidential. Organizations using affected versions are urged to prioritize mitigation strategies to safeguard their data.",Oracle,Peoplesoft Enterprise Pt Peopletools,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-04-19T20:37:48.000Z,0
CVE-2022-21369,https://securityvulnerability.io/vulnerability/CVE-2022-21369,Vulnerability in PeopleSoft Enterprise PeopleTools Rich Text Editor by Oracle,"An exploitable security misconfiguration in Oracle's PeopleSoft Enterprise PeopleTools, particularly within the Rich Text Editor component, allows unauthenticated attackers with network access to compromise the system. Successful exploitation necessitates human interaction from another user, which can lead to unauthorized access, enabling attackers to update, insert, or delete data, in addition to reading sensitive information. This vulnerability poses a significant risk to data integrity and confidentiality within applications utilizing PeopleSoft Enterprise PeopleTools.",Oracle,Peoplesoft Enterprise Pt Peopletools,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-01-19T11:25:55.000Z,0
CVE-2022-21364,https://securityvulnerability.io/vulnerability/CVE-2022-21364,Unauthenticated Data Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools,"An unauthenticated access vulnerability exists in the Oracle PeopleSoft Enterprise PeopleTools, specifically within the Weblogic component. This flaw enables unauthenticated attackers to gain network access through HTTP, potentially allowing them to read unauthorized data from the PeopleSoft applications. Affected are versions 8.57, 8.58, and 8.59. Organizations using these versions should be aware of this vulnerability and take necessary precautions to protect their sensitive data from unauthorized access.",Oracle,Peoplesoft Enterprise Pt Peopletools,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2022-01-19T11:25:46.000Z,0
CVE-2022-21359,https://securityvulnerability.io/vulnerability/CVE-2022-21359,Vulnerability in PeopleSoft Enterprise PeopleTools by Oracle,"This vulnerability in Oracle's PeopleSoft Enterprise PeopleTools affects supported versions 8.57, 8.58, and 8.59, allowing an unauthenticated attacker with network access via HTTP to exploit the system. While the attack requires human interaction from someone other than the attacker, the implications can be severe, leading to unauthorized modifications of the accessible data within PeopleSoft. Attackers may gain unauthorized read access, as well as the ability to update, insert, or delete data. This weakness poses a significant risk not only to the PeopleSoft product itself but may also impact related systems, requiring organizations to address the issue promptly.",Oracle,Peoplesoft Enterprise Pt Peopletools,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-01-19T11:25:35.000Z,0
CVE-2022-21345,https://securityvulnerability.io/vulnerability/CVE-2022-21345,Security Vulnerability in Oracle PeopleSoft Enterprise PeopleTools,"A vulnerability exists in Oracle's PeopleSoft Enterprise PeopleTools, affecting versions 8.58 and 8.59. This security flaw allows low-privileged attackers with network access via HTTP to compromise the system. Exploitation of this vulnerability may lead to unauthorized access to sensitive data or potentially grant attackers full access to all data accessible within PeopleSoft Enterprise PeopleTools.",Oracle,Peoplesoft Enterprise Pt Peopletools,6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-01-19T11:25:07.000Z,0
CVE-2022-21272,https://securityvulnerability.io/vulnerability/CVE-2022-21272,Unauthenticated Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools,"This vulnerability allows an unauthenticated attacker to exploit the PeopleSoft Enterprise PeopleTools component through network access via HTTP. Affected versions include 8.57, 8.58, and 8.59. Although successful exploitation requires user interaction, it can lead to unauthorized actions such as updating, inserting, or deleting sensitive data. Moreover, unauthorized read access to certain data within PeopleSoft may also occur, posing a risk to data confidentiality and integrity across the affected systems. Businesses using this platform should take immediate actions to mitigate these risks.",Oracle,Peoplesoft Enterprise Pt Peopletools,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-01-19T11:22:49.000Z,0
CVE-2021-35609,https://securityvulnerability.io/vulnerability/CVE-2021-35609,Vulnerability in Oracle PeopleSoft Enterprise PeopleTools SQR Component,"This vulnerability affects the SQR component of Oracle PeopleSoft Enterprise PeopleTools, allowing low-privileged attackers with network access via HTTP to gain unauthorized access. The flaw can lead to exposure of sensitive information, undermining the integrity and confidentiality of critical data within the affected PeopleTools versions.",Oracle,Peoplesoft Enterprise Pt Peopletools,6.5,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2021-10-20T10:50:48.000Z,0