CVE-2024-21063

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Vulnerability in the PeopleSoft Enterprise HCM Benefits Administration product of Oracle PeopleSoft (component: Benefits Administration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise HCM Benefits Administration executes to compromise PeopleSoft Enterprise HCM Benefits Administration. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Benefits Administration accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Benefits Administration accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise HCM Benefits Administration. CVSS 3.1 Base Score 6.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L).

Vulnerabilidad en PeopleSoft Enterprise HCM Benefits Administration product of Oracle PeopleSoft (componente: Administración de Beneficios). La versión compatible que se ve afectada es la 9.2. Una vulnerabilidad fácilmente explotable permite a un atacante con pocos privilegios iniciar sesión en la infraestructura donde se ejecuta PeopleSoft Enterprise HCM Benefits Administration para comprometer PeopleSoft Enterprise HCM Benefits Administration. Los ataques exitosos requieren la interacción humana de una persona distinta del atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de PeopleSoft Enterprise HCM Benefits Administration, así como acceso no autorizado a actualizaciones, inserción o eliminación de algunos de los datos accesibles de PeopleSoft Enterprise HCM Benefits Administration y capacidad no autorizada de causar una denegación parcial de servicio (DOS parcial) de PeopleSoft Enterprise HCM Administración de Beneficios. CVSS 3.1 Puntuación base 6.1 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L).

*Credits: N/A

CVSS Scores

Oraclev3.1 6.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-12-07 CVE Reserved
2024-04-16 CVE Published
2024-04-17 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.oracle.com/security-alerts/cpuapr2024.html	2024-04-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Corporation Search vendor "Oracle Corporation"		PeopleSoft Enterprise HCM Benefits Administration Search vendor "Oracle Corporation" for product "PeopleSoft Enterprise HCM Benefits Administration"				9.2 Search vendor "Oracle Corporation" for product "PeopleSoft Enterprise HCM Benefits Administration" and version "9.2"		en		Affected