Oracle PeopleSoft HCM Human Resources Unauthenticated Data Access Vulnerability

An easily exploitable vulnerability has been identified in Oracle PeopleSoft Enterprise HCM Human Resources version 9.2, specifically within the Company Directory/Org Chart Viewer and Employee Snapshot components. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the application. Successful exploitation requires human interaction from a third party. While the vulnerability resides in the HCM Human Resources product, it may also significantly affect other products, leading to a scope change. Exploitation of this vulnerability could result in unauthorized access to read, update, insert, or delete certain accessible data within PeopleSoft Enterprise HCM Human Resources.

Impact

Exploitation of this vulnerability could lead to unauthorized read access, as well as unauthorized updates, inserts, or deletions of some accessible data within PeopleSoft Enterprise HCM Human Resources. Additionally, according to Oracle, successful attacks could impact other products, causing a scope change.