CVE-2024-21158: 
Oracle Peoplesoft Enterprise Peopletools vulnerability analysis and mitigation

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59, 8.60 and 8.61. This vulnerability allows low privileged attackers with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (Oracle CPU).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.4, indicating MEDIUM severity. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N, which indicates network accessibility, low attack complexity, required low privileges, no user interaction, changed scope, and low impact on both confidentiality and integrity with no impact on availability (Oracle CPU).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data (NVD).

Oracle has released patches to address this vulnerability as part of the July 2024 Critical Patch Update. Organizations using affected versions of PeopleSoft Enterprise PeopleTools (8.59, 8.60, and 8.61) should apply the security patches as soon as possible (Oracle CPU).