Oracle PeopleSoft FIN eSettlements Vulnerability Allows Unauthorized Data Access and Modification

Vulnerability

A vulnerability exists in the PeopleSoft Enterprise FIN eSettlements product, specifically in version 9.2. This vulnerability allows a low-privileged attacker with network access via HTTP to compromise the application. Exploitation of this vulnerability could lead to unauthorized read, update, insert, or delete access to certain accessible data within the eSettlements component.

Impact

Successful exploitation can result in unauthorized access to read, update, insert, or delete data within the PeopleSoft Enterprise FIN eSettlements application.

Remediation

Users are advised to apply the January 2025 Critical Patch Update, which includes a patch for this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 1.3
exploitability: 4.9
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.