CVE-2021-2071

HIGH

Oracle PeopleSoft Enterprise PeopleTools 8.56-8.58 - Unauthenticated Remote Code Execution in Elastic Search

Title source: llm
STIX 2.1

Description

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56, 8.57 and 8.58. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

References (1)

Core 1
Core References

Scores

CVSS v3 8.1
EPSS 0.0158
EPSS Percentile 72.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (3)
oracle/peoplesoft_enterprise_peopletools 8.56
oracle/peoplesoft_enterprise_peopletools 8.57
oracle/peoplesoft_enterprise_peopletools 8.58
Published Jan 20, 2021
Tracked Since Feb 18, 2026