Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-22047

CWE-306 — Missing Authentication8 documents7 sources

Severity

7.5HIGH

EPSS

91.6%

top 0.32%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Corporation Peoplesoft Enterprise PT Peopletools Oracle Peoplesoft Enterprise

Timeline

PublishedJul 18

Latest updateApr 18

Description

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Co…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5oracle_corporation/peoplesoft_enterprise_pt_peopletools8.59, 8.60+1

▶NVDoracle/peoplesoft_enterprise8.59, 8.60+1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-22047: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal)↗2023-07-18

▶

GHSA

GHSA-5q43-wwhh-v8wh: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal)↗2023-07-18

▶

💥Exploits & PoCs

Nuclei

Oracle Peoplesoft - Unauthenticated File Read

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Oracle PeopleSoft Unauthenticated File Read (CVE-2023-22047)↗2025-04-18

▶

📋Vendor Advisories

Oracle

Oracle Oracle PeopleSoft Risk Matrix: Portal — CVE-2023-22047↗2023-07-15

▶