CVE# | Product | Component | Protocol | Remote Exploit without Auth.? |
CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) | Supported Versions Affected | Notes | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Base Score |
Attack Vector |
Attack Complex |
Privs Req’d |
User Interact |
Scope | Confid- entiality |
Inte- grity |
Avail- ability |
|||||||
CVE-2018-2772 | PeopleSoft Enterprise PeopleTools | Rich Text Editor | HTTP | No | 8.8 | Network | Low | Low | None | Un- changed |
High | High | High | 8.54, 8.55, 8.56 |
Attention: CVE-2018-2772
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.
Official announcement shown below url for reference.
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html