CVE-2022-21520: 
Oracle Peoplesoft Enterprise Peopletools vulnerability analysis and mitigation

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Fluid Core) affects supported versions 8.58 and 8.59. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. The vulnerability was disclosed in July 2022 (Oracle CPU Jul 2022).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.1, indicating medium severity. The CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N), which indicates network attack vector, low attack complexity, no privileges required, user interaction required, changed scope, and low impacts on confidentiality and integrity with no impact on availability (NVD Database).

Successful exploitation can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data (NVD Database).

Oracle has released patches for the affected versions (8.58 and 8.59) as part of the July 2022 Critical Patch Update. Organizations are strongly recommended to apply these security patches as soon as possible (Oracle CPU Jul 2022).