Sign-up

ID

VAR-202007-0806


CVE

CVE-2020-14612


TITLE

Oracle PeopleSoft of PeopleSoft Enterprise HRMS In Time and Labor Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-007783

DESCRIPTION

Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft (component: Time and Labor). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HRMS. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HRMS accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Oracle PeopleSoft of PeopleSoft Enterprise HRMS To Time and Labor There are vulnerabilities that affect confidentiality and integrity due to improper handling of.Information can be obtained and tampered with by remotely authenticated users. This product provides functions such as human capital management, financial management, and supplier relationship management. PeopleSoft Enterprise HRMS is one of the human resource management components, which includes labor data management, budget management and other modules

Trust: 1.71

sources: NVD: CVE-2020-14612 // JVNDB: JVNDB-2020-007783 // VULHUB: VHN-167508

AFFECTED PRODUCTS

vendor:oraclemodel:peoplesoft enterprise human capital management candidate gatewayscope:eqversion:9.2

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise hcm candidate gatewayscope: - version: -

Trust: 0.8

vendor:oraclemodel:peoplesoft enterprise hrmsscope:eqversion:9.2

Trust: 0.8

sources: JVNDB: JVNDB-2020-007783 // NVD: CVE-2020-14612

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14612
value: MEDIUM

Trust: 1.0

secalert_us@oracle.com: CVE-2020-14612
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-007783
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-698
value: MEDIUM

Trust: 0.6

VULHUB: VHN-167508
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-14612
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007783
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-167508
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-14612
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-007783
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-167508 // JVNDB: JVNDB-2020-007783 // CNNVD: CNNVD-202007-698 // NVD: CVE-2020-14612 // NVD: CVE-2020-14612

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-14612

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-698

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-698

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007783

PATCH
title:Oracle Critical Patch Update Advisory - July 2020url:https://www.oracle.com/security-alerts/cpujul2020.html
Trust: 0.8
title:Text Form of Oracle Critical Patch Update - July 2020 Risk Matricesurl:https://www.oracle.com/security-alerts/cpujul2020verbose.html
Trust: 0.8
title:Oracle PeopleSoft Enterprise HRMS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123758
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-007783 // 
            
            
            
            CNNVD: CNNVD-202007-698

EXTERNAL IDS
db:NVDid:CVE-2020-14612
Trust: 2.5
db:JVNDBid:JVNDB-2020-007783
Trust: 0.8
db:CNNVDid:CNNVD-202007-698
Trust: 0.7
db:VULHUBid:VHN-167508
Trust: 0.1
sources:
            
            
            VULHUB: VHN-167508 // 
            
            
            
            JVNDB: JVNDB-2020-007783 // 
            
            
            
            CNNVD: CNNVD-202007-698 // 
            
            
            
            NVD: CVE-2020-14612

REFERENCES
url:https://www.oracle.com/security-alerts/cpujul2020.html
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-14612
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14612
Trust: 0.8
sources:
            
            
            VULHUB: VHN-167508 // 
            
            
            
            JVNDB: JVNDB-2020-007783 // 
            
            
            
            CNNVD: CNNVD-202007-698 // 
            
            
            
            NVD: CVE-2020-14612

SOURCES
db:VULHUBid:VHN-167508
db:JVNDBid:JVNDB-2020-007783
db:CNNVDid:CNNVD-202007-698
db:NVDid:CVE-2020-14612

LAST UPDATE DATE
2024-11-23T23:07:55.287000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-167508date:2020-07-16T00:00:00
db:JVNDBid:JVNDB-2020-007783date:2020-08-26T00:00:00
db:CNNVDid:CNNVD-202007-698date:2020-07-17T00:00:00
db:NVDid:CVE-2020-14612date:2024-11-21T05:03:40.927

SOURCES RELEASE DATE
db:VULHUBid:VHN-167508date:2020-07-15T00:00:00
db:JVNDBid:JVNDB-2020-007783date:2020-08-26T00:00:00
db:CNNVDid:CNNVD-202007-698date:2020-07-14T00:00:00
db:NVDid:CVE-2020-14612date:2020-07-15T18:15:26.677