Sign-up

ID

VAR-202107-0639


CVE

CVE-2021-2404


TITLE

Oracle PeopleSoft  of  PeopleSoft Enterprise HCM Candidate Gateway  In  e-mail notification  Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-002083

DESCRIPTION

Vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway product of Oracle PeopleSoft (component: e-mail notification). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Candidate Gateway. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Candidate Gateway accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Candidate Gateway accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-2404 // JVNDB: JVNDB-2021-002083 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-377090 // VULMON: CVE-2021-2404

AFFECTED PRODUCTS

vendor:oraclemodel:peoplesoft enterprise hcm candidate gatewayscope:eqversion:9.2

Trust: 1.0

vendor:オラクルmodel:peoplesoft enterprise hcm candidate gatewayscope:eqversion:9.2

Trust: 0.8

vendor:オラクルmodel:peoplesoft enterprise hcm candidate gatewayscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002083 // NVD: CVE-2021-2404

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-2404
value: MEDIUM

Trust: 1.0

secalert_us@oracle.com: CVE-2021-2404
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-2404
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202107-1340
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-377090
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-2404
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-2404
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-377090
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

secalert_us@oracle.com: CVE-2021-2404
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

OTHER: JVNDB-2021-002083
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-377090 // VULMON: CVE-2021-2404 // JVNDB: JVNDB-2021-002083 // CNNVD: CNNVD-202107-1340 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-2404 // NVD: CVE-2021-2404

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-002083 // NVD: CVE-2021-2404

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1340

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202107-1340 // CNNVD: CNNVD-202104-975

PATCH

title:Oracle Critical Patch Update Advisory - July 2021 Oracle Critical Patch Updateurl:https://www.oracle.com/security-alerts/cpujul2021.html

Trust: 0.8

title:Oracle PeopleSoft Products Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157951

Trust: 0.6

sources: JVNDB: JVNDB-2021-002083 // CNNVD: CNNVD-202107-1340

EXTERNAL IDS

db:NVDid:CVE-2021-2404

Trust: 2.6

db:JVNDBid:JVNDB-2021-002083

Trust: 0.8

db:CS-HELPid:SB2021072763

Trust: 0.6

db:CNNVDid:CNNVD-202107-1340

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:VULHUBid:VHN-377090

Trust: 0.1

db:VULMONid:CVE-2021-2404

Trust: 0.1

sources: VULHUB: VHN-377090 // VULMON: CVE-2021-2404 // JVNDB: JVNDB-2021-002083 // CNNVD: CNNVD-202107-1340 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-2404

REFERENCES

url:https://www.oracle.com/security-alerts/cpujul2021.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-2404

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021072763

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-377090 // VULMON: CVE-2021-2404 // JVNDB: JVNDB-2021-002083 // CNNVD: CNNVD-202107-1340 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-2404

SOURCES

db:VULHUBid:VHN-377090
db:VULMONid:CVE-2021-2404
db:JVNDBid:JVNDB-2021-002083
db:CNNVDid:CNNVD-202107-1340
db:CNNVDid:CNNVD-202104-975
db:NVDid:CVE-2021-2404

LAST UPDATE DATE

2024-08-14T12:24:19.987000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-377090date:2021-07-23T00:00:00
db:VULMONid:CVE-2021-2404date:2021-07-23T00:00:00
db:JVNDBid:JVNDB-2021-002083date:2021-07-30T07:30:00
db:CNNVDid:CNNVD-202107-1340date:2021-07-28T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:NVDid:CVE-2021-2404date:2021-07-23T14:17:05.233

SOURCES RELEASE DATE

db:VULHUBid:VHN-377090date:2021-07-21T00:00:00
db:VULMONid:CVE-2021-2404date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2021-002083date:2021-07-30T00:00:00
db:CNNVDid:CNNVD-202107-1340date:2021-07-20T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:NVDid:CVE-2021-2404date:2021-07-21T15:15:49.650