ID

VAR-202004-1223


CVE

CVE-2020-2954


TITLE

Vulnerability in the Candidate Gateway Component of Oracle PeopleSoft Enterprise HRMS

Trust: 0.8

sources: JVNDB: JVNDB-2020-004273

DESCRIPTION

Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft (component: Candidate Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HRMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HRMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HRMS accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

Oracle PeopleSoft Products is a set of enterprise human capital management solutions from Oracle Corporation. This product provides functions such as human capital management, financial management, and supplier relationship management. PeopleSoft Enterprise HRMS is one of the human resource management components, which includes labor data management, budget management and other modules.

Trust: 1.71

sources: NVD: CVE-2020-2954 // JVNDB: JVNDB-2020-004273 // VULHUB: VHN-181079

AFFECTED PRODUCTS

vendor: oracle
model: peoplesoft enterprise human capital management candidate gateway
scope: eq
version: 9.2

Trust: 1.0

vendor: oracle
model: candidate gateway
scope: -
version: -

Trust: 0.8

vendor: oracle
model: peoplesoft enterprise hrms
scope: eq
version: 9.2

Trust: 0.8

sources: JVNDB: JVNDB-2020-004273 // NVD: CVE-2020-2954

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-2954
value: MEDIUM

Trust: 1.0

secalert_us@oracle.com: CVE-2020-2954
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-004273
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202004-988
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181079
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-2954
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004273
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181079
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-2954
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

secalert_us@oracle.com: CVE-2020-2954
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-004273
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181079 // JVNDB: JVNDB-2020-004273 // CNNVD: CNNVD-202004-988 // NVD: CVE-2020-2954 // NVD: CVE-2020-2954

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-2954

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-988

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-988

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004273

PATCH

title: Oracle Critical Patch Update Advisory - April 2020
url: https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 0.8

title: Text Form of Oracle Critical Patch Update - April 2020 Risk Matrices
url: https://www.oracle.com/security-alerts/cpuapr2020verbose.html

Trust: 0.8

title: Oracle PeopleSoft Products PeopleSoft Enterprise HRMS Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114345

Trust: 0.6

sources: JVNDB: JVNDB-2020-004273 // CNNVD: CNNVD-202004-988

EXTERNAL IDS

db: NVD, id: CVE-2020-2954

Trust: 2.5

db: JVNDB, id: JVNDB-2020-004273

Trust: 0.8

db: CNNVD, id: CNNVD-202004-988

Trust: 0.7

db: CNVD, id: CNVD-2020-29613

Trust: 0.1

db: VULHUB, id: VHN-181079

Trust: 0.1

sources: VULHUB: VHN-181079 // JVNDB: JVNDB-2020-004273 // CNNVD: CNNVD-202004-988 // NVD: CVE-2020-2954

REFERENCES

url: https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2020-2954

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-2954

Trust: 0.8

sources: VULHUB: VHN-181079 // JVNDB: JVNDB-2020-004273 // CNNVD: CNNVD-202004-988 // NVD: CVE-2020-2954

SOURCES

db: VULHUB, id: VHN-181079
db: JVNDB, id: JVNDB-2020-004273
db: CNNVD, id: CNNVD-202004-988
db: NVD, id: CVE-2020-2954

LAST UPDATE DATE

2024-11-23T22:16:30.568000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181079, date: 2020-04-17T00:00:00
db: JVNDB, id: JVNDB-2020-004273, date: 2020-05-12T00:00:00
db: CNNVD, id: CNNVD-202004-988, date: 2020-04-26T00:00:00
db: NVD, id: CVE-2020-2954, date: 2024-11-21T05:26:43.383

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181079, date: 2020-04-15T00:00:00
db: JVNDB, id: JVNDB-2020-004273, date: 2020-05-12T00:00:00
db: CNNVD, id: CNNVD-202004-988, date: 2020-04-14T00:00:00
db: NVD, id: CVE-2020-2954, date: 2020-04-15T14:15:37.607