CVE-2022-21481

4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 59.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Peoplesoft Enterprise FIN Cash Management Oracle Peoplesoft Enterprise

Timeline

PublishedApr 19

Latest updateApr 20

Description

Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (component: Financial Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Cash Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise FIN Cash Management, attacks may signifi…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5oracle_corporation/peoplesoft_enterprise_fin_cash_management9.2

▶NVDoracle/peoplesoft_enterprise9.2

🔴Vulnerability Details

GHSA

GHSA-pr27-3vrp-7435: Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (component: Financial Gateway)↗2022-04-20

▶

CVEList

CVE-2022-21481: Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (component: Financial Gateway)↗2022-04-19

▶

📋Vendor Advisories

Oracle

Oracle Oracle PeopleSoft Risk Matrix: Financial Gateway — CVE-2022-21481↗2022-04-15

▶