CVE-2024-21264

Oct. 16, 2024, 4:38 p.m.

Tags

2024-10-15
secalert_us@oracle.com
CVE-2024-21264

CVSS Score

5.4 / 10

Product(s) Impacted

Oracle PeopleSoft Enterprise CC Common Application Objects

  • 9.2

Description

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

Weaknesses

Date

Published: Oct. 15, 2024, 8:15 p.m.

Last Modified: Oct. 16, 2024, 4:38 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secalert_us@oracle.com

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score
5.4
Exploitability Score
2.8
Impact Score
2.5
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References

https://www.oracle.com/security-alerts/cpuoct2024.html
secalert_us@oracle.com