CVE-2018-3076

EUVD-2018-14931

18.07.2018, 13:29

Vulnerability in the PeopleSoft Enterprise CS Financial Aid component of Oracle PeopleSoft Products (subcomponent: ISIR Processing). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Financial Aid. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Financial Aid accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	2.7 LOW	NETWORK	LOW	HIGH	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 44%

Affected Products (NVD)

Vendor	Product	Version
oracle	peoplesoft_enterprise_cs_financial_aid	9.0
oracle	peoplesoft_enterprise_cs_financial_aid	9.2

𝑥

= Vulnerable software versions

References

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.securityfocus.com/bid/104830

http://www.securitytracker.com/id/1041306

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.securityfocus.com/bid/104830

http://www.securitytracker.com/id/1041306