CVE-2020-2859: 
Oracle Peoplesoft Enterprise Peopletools vulnerability analysis and mitigation

The vulnerability CVE-2020-2859 affects PeopleSoft Enterprise PeopleTools, specifically the nVision component. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise the system. The vulnerability was disclosed and patched as part of Oracle's Critical Patch Update in April 2020 (Oracle CPU).

The vulnerability has been assigned a CVSS v3.0 Base Score of 7.5, indicating a high severity level. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring no privileges (PR:N) and no user interaction (UI:N). The scope is unchanged (S:U), and the vulnerability can potentially impact system confidentiality, integrity, and availability (Oracle CPU).

A successful exploitation of this vulnerability could allow attackers to compromise PeopleSoft Enterprise PeopleTools through the nVision component, potentially leading to unauthorized access, data manipulation, or service disruption (Oracle CPU).

Oracle has released security patches for this vulnerability as part of their April 2020 Critical Patch Update. Organizations using affected versions of PeopleSoft Enterprise PeopleTools should apply the security patches immediately to address this vulnerability (Oracle CPU).