Oracle PeopleSoft CC Common Application Objects Run Control Management Vulnerability Allows Unauthorized Data Modification

Vulnerability

A vulnerability exists in the PeopleSoft Enterprise CC Common Application Objects product, specifically within the Run Control Management component, version 9.2. This vulnerability allows a low-privileged attacker with network access via HTTP to perform unauthorized updates, inserts, or deletions of accessible data within the application. The issue arises from insufficient validation of user input, which could be exploited to manipulate data improperly.

Impact

Exploitation of this vulnerability could lead to unauthorized changes to the application's data, allowing attackers to modify, add, or delete information within PeopleSoft Enterprise CC Common Application Objects.

Reproduction

To reproduce this vulnerability, a low-privileged user must send an HTTP request that exploits the lack of input validation in the Run Control Management component of PeopleSoft Enterprise CC Common Application Objects version 9.2. This can be done by crafting a request that includes malicious payloads designed to bypass security measures and manipulate data in an unauthorized manner.

Remediation

Users are advised to apply the January 2025 Critical Patch Update, which includes a patch for this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.