CVE-2022-39407 Oracle PeopleSoft's Enterprise PeopleTools product is affected by a vulnerability that causes supported versions to be affected.

996 CVE-2018-3310 974 2018-11-18 2018-12-07 2.1 None Remote high Not required None None Partial PeopleSoft Enterprise PeopleTools contains a Persistent XSS vulnerability in URL Parameter Functionality. An attacker can exploit this vulnerability to conduct XSS attack against a user. This XSS issue can be exploited by malicious entity to conduct phishing or information stealing activities. Exploitation of this XSS issue requires no user interaction and can be observed by anonymous users. CVSS 3.0 Base Score 8.8 (Critical). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). 1084 CVE-2018-3307 264 2018-10-31 2018-12-06 2.1 None Remote high Not required None None Partial PeopleSoft Enterprise PeopleTools contains a Persistent XSS vulnerability in URL Parameter Functionality. An attacker can exploit this vulnerability to conduct XSS attack against a user. This XSS issue can be exploited by malicious entity to conduct phishing or information stealing activities. Exploitation of this XSS issue requires no user interaction and can be observed by anonymous users. CVSS 3.0 Base Score 8.8 (Critical). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N

PeopleSoft Enterprise Products and Versions Affected

PeopleSoft Enterprise PeopleTools 8.36, 8.40, 8.46, and 9.3 are vulnerable to this vulnerability.

PeopleSoft Enterprise Product Overview

PeopleSoft Enterprise PeopleTools is a software development platform that provides services to developers, IT professionals, and users across the enterprise. It enables them to create and run applications on the web or on-premises, without the need for programming skills.

PeopleSoft Enterprise PeopleTools is a software development platform that provides services to developers, IT professionals, and users across the enterprise. It enables them to create and run applications on the web or on-premises, without the need for programming skills. The product includes services such as workflow management, business intelligence toolsets, ecommerce solutions and more.

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC

References

• https://www.oracle.com/security-alerts/cpuoct2022.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39407