CVE-2022-21359

CWE-405CWE-674Uncontrolled RecursionCWE-770Allocation without Limits6 documents5 sources
Severity
6.1MEDIUM
EPSS
0.6%
top 31.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Peoplesoft Enterprise PT PeopletoolsOracle Peoplesoft Enterprise Peopletools
Timeline
PublishedJan 19
Latest updateDec 13

Description

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Optimization Framework). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significan

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

4
GHSA
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling2022-12-13
GHSA
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling2022-09-16
GHSA
GHSA-h32w-5r22-g475: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Optimization Framework)2022-01-20
CVEList
CVE-2022-21359: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Optimization Framework)2022-01-19

📋Vendor Advisories

1
Oracle
Oracle Oracle PeopleSoft Risk Matrix: Optimization Framework — CVE-2022-213592022-01-15
CVE-2022-21359 (MEDIUM CVSS 6.1) | Vulnerability in the PeopleSoft Ent | cvebase.io