CVE-2020-2899Corporation Peoplesoft Enterprise SCM Purchasing vulnerability

5 documents4 sources
Severity
4.8MEDIUMNVD
EPSS
0.3%
top 50.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Peoplesoft Enterprise SCM PurchasingOracle Peoplesoft Enterprise SCM Purchasing
Timeline
PublishedApr 15
Latest updateMay 24

Description

Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purchasing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise SCM Purchasing, attacks may significantly impact additio

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-4qgw-9x4q-fwqx: Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing)2022-05-24
CVEList
CVE-2020-2899: Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing)2020-04-15

📋Vendor Advisories

2
Oracle
Oracle Oracle PeopleSoft Risk Matrix: Purchasing — CVE-2020-28992020-04-15
Oracle
Oracle Oracle Hyperion Risk Matrix: Security (Application Development Framework) — CVE-2019-28992020-04-15
CVE-2020-2899 — MEDIUM severity | cvebase