Oracle PeopleSoft Enterprise PeopleTools Portal Unauthenticated Data Access Vulnerability

An easily exploitable vulnerability has been identified in the Oracle PeopleSoft Enterprise PeopleTools product, specifically within the Portal component. This vulnerability affects versions 8.60, 8.61, and 8.62. It allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Exploitation of this vulnerability requires human interaction from a person other than the attacker. While the vulnerability resides in PeopleSoft Enterprise PeopleTools, successful attacks may significantly impact additional products. Exploitation can lead to unauthorized update, insert, or delete access to some accessible data within PeopleSoft Enterprise PeopleTools, as well as unauthorized read access to a subset of the same data.

Impact

Exploitation of this vulnerability can result in unauthorized access to update, insert, or delete data within PeopleSoft Enterprise PeopleTools, as well as unauthorized read access to certain accessible data.