CVE-2017-3292

Published: Jan 27, 2017Modified: May 13, 2026

5.7

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.1 / Impact: 3.6

Source: NVD

Description

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 5.7 (Confidentiality impacts).

Affected (2)

Products: Oracle: Peoplesoft Enterprise Peopletools

1 product

Peoplesoft Enterprise Peopletools

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Peoplesoft Enterprise Peopletools	Version 8.54
Oracle Peoplesoft Enterprise Peopletools	Version 8.55

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Source: secalert_us@oracle.com

PatchVendor Advisory

http://www.securityfocus.com/bid/95502

Source: secalert_us@oracle.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037634

Source: secalert_us@oracle.com

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/95502

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037634

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.