CVE-2021-2044

MEDIUM

Oracle PeopleSoft Enterprise FIN Payables 9.2 - Unauthorized Data Access via Financial Sanctions Component

Title source: llm
STIX 2.1

Description

Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft (component: Financial Sanctions). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Payables. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Payables accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

References (1)

Core 1
Core References

Scores

CVSS v3 6.5
EPSS 0.0123
EPSS Percentile 65.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (1)
oracle/peoplesoft_enterprise_fin_payables 9.2
Published Jan 20, 2021
Tracked Since Feb 18, 2026