CVE-2021-2063

HIGH

Oracle PeopleSoft Enterprise PeopleTools 8.56, 8.57, 8.58 - Unauthenticated Remote Code Execution in Portal

Title source: llm
STIX 2.1

Description

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

References (1)

Core 1
Core References

Scores

CVSS v3 8.4
EPSS 0.0041
EPSS Percentile 33.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (3)
oracle/peoplesoft_enterprise_peopletools 8.56
oracle/peoplesoft_enterprise_peopletools 8.57
oracle/peoplesoft_enterprise_peopletools 8.58
Published Jan 20, 2021
Tracked Since Feb 18, 2026