CVE-2021-2407: 
Oracle Peoplesoft Enterprise Peopletools vulnerability analysis and mitigation

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) (Oracle Advisory).

The vulnerability has a CVSS Base Score of 5.3, indicating a medium severity level. The attack vector (AV) is Network, meaning it can be exploited remotely. Attack complexity (AC) is Low, suggesting the attack is straightforward to execute. No privileges (PR) or user interaction (UI) are required for exploitation. The scope (S) is Unchanged, and the impact is limited to Confidentiality (C:L) with no effect on Integrity (I:N) or Availability (A:N) (Oracle Advisory).

The successful exploitation of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. The impact is limited to confidentiality breaches, with no direct effect on system integrity or availability (Oracle Advisory).

Oracle has released patches for the affected versions (8.57, 8.58, and 8.59) of PeopleSoft Enterprise PeopleTools as part of the July 2021 Critical Patch Update. It is strongly recommended that customers apply these security patches as soon as possible (Oracle Advisory).