Oracle PeopleSoft Enterprise PeopleTools PIA Core Technology Component Vulnerability Allowing Unauthorized Data Access and Modification

A vulnerability exists in the PeopleSoft Enterprise PeopleTools product, specifically within the PIA Core Technology component. Affected versions include 8.60, 8.61, and 8.62. This vulnerability allows a low-privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Exploitation requires human interaction from a third party. While the vulnerability is contained within PeopleSoft Enterprise PeopleTools, successful attacks could significantly impact other products, leading to a scope change. Exploitation of this vulnerability could result in unauthorized read access to certain subsets of PeopleSoft Enterprise PeopleTools data, as well as unauthorized update, insert, or delete access to other accessible data within the same environment.

Impact

Exploitation allows for unauthorized read access to some PeopleSoft Enterprise PeopleTools data, as well as unauthorized modification of accessible data, including updates, inserts, or deletions.