CVE-2024-21158

Summary

CVE-2024-21158 is a newly identified vulnerability affecting the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft, specifically versions 8.59, 8.60, and 8.61. This issue, which has a base score of 6.4 (Confidentiality and Integrity impacts) on the Common Vulnerability Scoring System (CVSS), allows a low-privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Though the vulnerability is confined to this software, the potential impact may extend to additional affected products. Successful exploitation can result in unauthorized update, insert, or delete access to some data and unauthorized read access to a subset of data for PeopleSoft Enterprise PeopleTools.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.