ID

VAR-201904-0293


CVE

CVE-2019-2591


TITLE

Candidate Gateway Vulnerability in PeopleSoft Enterprise HRMS of Oracle PeopleSoft Products

Trust: 0.8

sources: JVNDB: JVNDB-2019-003775

DESCRIPTION

Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HRMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HRMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HRMS accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). The vulnerability can be exploited over the 'HTTPS' protocol.

Trust: 1.98

sources: NVD: CVE-2019-2591 // JVNDB: JVNDB-2019-003775 // BID: 107978 // VULHUB: VHN-154026

AFFECTED PRODUCTS

vendor: oracle, model: peoplesoft enterprise hrms, scope: eq, version: 9.2

Trust: 1.1

vendor: oracle, model: peoplesoft enterprise human capital management candidate gateway, scope: eq, version: 9.2

Trust: 1.0

vendor: oracle, model: candidate gateway, scope: -, version: -

Trust: 0.8

sources: BID: 107978 // JVNDB: JVNDB-2019-003775 // NVD: CVE-2019-2591

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-2591
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-2591
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-769
value: MEDIUM

Trust: 0.6

VULHUB: VHN-154026
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-2591
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-154026
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-2591
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-154026 // JVNDB: JVNDB-2019-003775 // CNNVD: CNNVD-201904-769 // NVD: CVE-2019-2591

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-284

Trust: 0.9

sources: VULHUB: VHN-154026 // JVNDB: JVNDB-2019-003775 // NVD: CVE-2019-2591

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-769

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201904-769

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003775

PATCH

title: Text Form of Oracle Critical Patch Update - April 2019 Risk Matrices
url: https://www.oracle.com/technetwork/security-advisory/cpuapr2019verbose-5072824.html

Trust: 0.8

title: Oracle Critical Patch Update Advisory - April 2019
url: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 0.8

title: Oracle PeopleSoft Products PeopleSoft Enterprise HRMS Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91567

Trust: 0.6

sources: JVNDB: JVNDB-2019-003775 // CNNVD: CNNVD-201904-769

EXTERNAL IDS

db: NVD, id: CVE-2019-2591

Trust: 2.8

db: BID, id: 107978

Trust: 1.0

db: JVNDB, id: JVNDB-2019-003775

Trust: 0.8

db: NSFOCUS, id: 43142

Trust: 0.6

db: CNNVD, id: CNNVD-201904-769

Trust: 0.6

db: VULHUB, id: VHN-154026

Trust: 0.1

sources: VULHUB: VHN-154026 // BID: 107978 // JVNDB: JVNDB-2019-003775 // CNNVD: CNNVD-201904-769 // NVD: CVE-2019-2591

REFERENCES

url: http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 2.6

url: http://www.oracle.com/index.html

Trust: 0.9

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2591

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2019-2591

Trust: 0.8

url: http://www.nsfocus.net/vulndb/43142

Trust: 0.6

url: https://www.securityfocus.com/bid/107978

Trust: 0.6

url: https://www.oracle.com/technetwork/security-advisory/cpuapr2019verbose-5072824.html

Trust: 0.6

sources: VULHUB: VHN-154026 // BID: 107978 // JVNDB: JVNDB-2019-003775 // CNNVD: CNNVD-201904-769 // NVD: CVE-2019-2591

CREDITS

Jakub Palaczynski

Trust: 0.6

sources: CNNVD: CNNVD-201904-769

SOURCES

db: VULHUB, id: VHN-154026
db: BID, id: 107978
db: JVNDB, id: JVNDB-2019-003775
db: CNNVD, id: CNNVD-201904-769
db: NVD, id: CVE-2019-2591

LAST UPDATE DATE

2024-11-23T22:33:57.169000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-154026, date: 2020-08-24T00:00:00
db: BID, id: 107978, date: 2019-04-16T00:00:00
db: JVNDB, id: JVNDB-2019-003775, date: 2019-05-22T00:00:00
db: CNNVD, id: CNNVD-201904-769, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-2591, date: 2024-11-21T04:41:10.247

SOURCES RELEASE DATE

db: VULHUB, id: VHN-154026, date: 2019-04-23T00:00:00
db: BID, id: 107978, date: 2019-04-16T00:00:00
db: JVNDB, id: JVNDB-2019-003775, date: 2019-05-22T00:00:00
db: CNNVD, id: CNNVD-201904-769, date: 2019-04-16T00:00:00
db: NVD, id: CVE-2019-2591, date: 2019-04-23T19:32:50.117