Oracle Peoplesoft Enterprise Peopletools vulnerabilities

CVE-2024-21178 [MEDIUM] CWE-79 CVE-2024-21178: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Port Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interacti

CVE-2024-21097 [MEDIUM] CVE-2024-21097: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Secu Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can re

CVE-2024-21065 [MEDIUM] CWE-601 CVE-2024-21065: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Work Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human intera

CVE-2024-21070 [MEDIUM] CVE-2024-21070: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Sear Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Search Framework). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human intera

CVE-2023-22080 [MEDIUM] CVE-2023-22080: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interactio

CVE-2023-22014 [HIGH] CWE-284 CVE-2023-22014: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Port Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleToo

CVE-2023-21981 [MEDIUM] CVE-2023-21981: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elas Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability

CVE-2023-21916 [MEDIUM] CVE-2023-21916: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Web Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Web Server). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can r

CVE-2023-21845 [MEDIUM] CVE-2023-21845: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Pane Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). The supported version that is affected is 8.60. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in

CVE-2023-21844 [MEDIUM] CVE-2023-21844: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elas Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction fro

CVE-2022-39407 [MEDIUM] CVE-2022-39407: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Secu Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTo

CVE-2022-21543 [CRITICAL] CVE-2022-21543: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Upda Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mgmt). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerab

CVE-2022-21512 [MEDIUM] CVE-2022-21512: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Inte Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise Peo

CVE-2022-21520 [MEDIUM] CVE-2022-21520: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Flui Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Fluid Core). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a

CVE-2022-21521 [MEDIUM] CVE-2022-21521: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XML Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XML Publisher). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can resu

CVE-2022-21458 [MEDIUM] CVE-2022-21458: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navi Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require hum

CVE-2022-21470 [MEDIUM] CVE-2022-21470: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Proc Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Process Scheduler). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction

CVE-2022-21456 [MEDIUM] CVE-2022-21456: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navi Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require hum

CVE-2022-24729 [MEDIUM] CWE-400 CVE-2022-24729: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.1 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.

CVE-2022-24728 [MEDIUM] CWE-79 CVE-2022-24728: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been disco CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. T