CVE-2023-21916: 
Oracle Peoplesoft Enterprise Peopletools vulnerability analysis and mitigation

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Web Server) affects supported versions 8.58, 8.59 and 8.60. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. The vulnerability was disclosed in April 2023 as part of Oracle's Critical Patch Update (Oracle CPU).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.3 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The scoring indicates that the vulnerability is network-accessible (AV:N), requires low attack complexity (AC:L), needs no privileges (PR:N), requires no user interaction (UI:N), has unchanged scope (S:U), and only impacts confidentiality at a low level (C:L) with no impact on integrity (I:N) or availability (A:N) (Oracle CPU, NVD).

Successful exploitation of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. The vulnerability only affects the confidentiality of the system, with no impact on system integrity or availability (Oracle CPU).

Oracle has released patches for the affected versions (8.58, 8.59, and 8.60) of PeopleSoft Enterprise PeopleTools as part of the April 2023 Critical Patch Update. Oracle strongly recommends that customers apply the Critical Patch Update patches as soon as possible due to the threat posed by successful attacks (Oracle CPU).