CVE-2023-22080: 
Oracle Peoplesoft Enterprise Peopletools vulnerability analysis and mitigation

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology) affects versions 8.59 and 8.60. This vulnerability allows unauthenticated attackers with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. The vulnerability was disclosed as part of Oracle's October 2023 Critical Patch Update (Oracle CPU).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.1 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring no privileges (PR:N) but does require user interaction (UI:R). The scope is changed (S:C), with low impacts to both confidentiality and integrity, and no impact to availability (Oracle CPU).

Successful exploitation can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. The vulnerability can significantly impact additional products beyond PeopleSoft Enterprise PeopleTools due to the scope change characteristic (Oracle CPU).

Oracle has released security patches to address this vulnerability as part of the October 2023 Critical Patch Update. Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible due to the threat posed by successful attacks (Oracle CPU).