CVE-2020-2782: 
Oracle Peoplesoft Enterprise Peopletools vulnerability analysis and mitigation

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). The vulnerability affects versions 8.56, 8.57 and 8.58. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. The vulnerability requires human interaction from a person other than the attacker and while it exists in PeopleTools, attacks may significantly impact additional products (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.0 Base Score of 7.1 (Confidentiality, Integrity and Availability impacts). The CVSS Vector is (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). The attack vector is network-based (HTTP), requires low attack complexity, needs no privileges, but does require user interaction. The scope is changed, meaning the vulnerability can affect resources beyond its security scope (Oracle Advisory).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data, unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data, and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools (Oracle Advisory).

Oracle has released patches to address this vulnerability as part of the April 2020 Critical Patch Update. Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible due to the threat posed by successful attacks (Oracle Advisory).