CVE-2022-39406 Oracle PeopleSoft Enterprise CComponent is affected by a vulnerability in version 9.2. The supported version that is affected is 9.2.

Oracle recommends upgrading to version 9.2.1.5 of PeopleSoft Enterprise Common Components. From the vendor - Vulnerable to CVE-2018-3274 Oracle PeopleSoft Enterprise Common Components 9.2.1.5 is now available. This release fixes a vulnerability that could allow an unauthenticated attacker to gain unauthorized data access. The vulnerability is related to the PeopleSoft Enterprise Common Components (PECC) Approval Framework. An attacker could exploit this vulnerability by sending a specially crafted e-mail message to the e-mail address of a user in the PeopleSoft Enterprise Common Components (PECC) user database. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Oracle recommends upgrading to version 9.2.1.5 of PeopleSoft Enterprise Common Components. From the vendor - Vulnerable to CVE-2018-3274 Oracle PeopleSoft Enterprise Common Components 9.2.1.5 is now available. This release fixes a vulnerability that could allow an unauthenticated attacker to gain unauthorized data access. The vulnerability is related to the PeopleSoft Enterprise Common Components (PECC) Approval Framework. An attacker could exploit this vulnerability by sending a specially crafted e-mail message to the e-mail address of a

Oracle PeopleSoft Enterprise Financials Software Engineer Resources

The PeopleSoft Enterprise Financials team is pleased to announce that due to the successful integration of IT with Oracle Financial Services, we now offer a large number of resources for our customers that are in need of help.
Oracle has a dedicated PeopleSoft Enterprise Financials support line and an online Community site where you can find community-based resources. You can also access these resources through your customer portal.
Oracle also offers support resources for Oracle Business Intelligence, Oracle E-Business Suite, and Oracle JD Edwards products as well

Summary

A newly discovered vulnerability in Oracle PeopleSoft Enterprise Common Components (PECC) version 9.2.1.5 that could allow an unauthenticated attacker to gain unauthorized data access was fixed by this release. The vulnerability is related to the PeopleSoft Enterprise Common Components (PECC) Approval Framework. This release also fixes a vulnerability that could allow an unauthenticated attacker to gain unauthorized data access and a third vulnerability related to the Security Framework, which has been assigned CVE-2018-3274.
The CVE-2018-3274 vulnerability is a remote code execution bug that would allow an unauthenticated attacker with valid logon credentials to take control of the system and execute arbitrary commands on it. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Oracle recommends upgrading to version 9.2.1.5 of PeopleSoft Enterprise Common Components as soon as possible

Background on the vulnerability

- This vulnerability exists in the PeopleSoft Enterprise Common Components (PECC) Approval Framework.
- An unauthenticated attacker could exploit this vulnerability by sending a specially crafted e-mail message to the e-mail address of a user in the PeopleSoft Enterprise Common Components (PECC) user database.
- The vulnerability is CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts).
- The vulnerability can be exploited via a malicious e-mail message to a PECC Approver.

Oracle PeopleSoft Enterprise Common Components - CVE References html

CVE-2018-3274 Oracle PeopleSoft Enterprise Common Components 9.2.1.5 is now available. This release fixes a vulnerability that could allow an unauthenticated attacker to gain unauthorized data access. The vulnerability is related to the PeopleSoft Enterprise Common Components (PECC) Approval Framework. An attacker could exploit this vulnerability by sending a specially crafted e-mail message to the e-mail address of a user in the PeopleSoft Enterprise Common Components (PECC) user database. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Oracle recommends upgrading to version 9.2.1.5 of PeopleSoft Enterprise Common Components.

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC

References

• https://www.oracle.com/security-alerts/cpuoct2022.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39406