CVE-2023-22047

HIGH NUCLEI

Oracle PeopleSoft <8.60 - RCE

Title source: llm

Description

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Exploits (1)

nomisec WRITEUP 10 stars

by tuo4n8 · poc

https://github.com/tuo4n8/CVE-2023-22047

View Code ZIP pw:eip

Nuclei Templates (1)

Oracle Peoplesoft - Unauthenticated File Read

HIGHVERIFIEDby tuo4n8

Shodan: http.title:"oracle peoplesoft enterprise"

FOFA: title="oracle peoplesoft enterprise"

References (1)

[Patch, Vendor Advisory] https://www.oracle.com/security-alerts/cpujul2023.html

Scores

CVSS v3 7.5

EPSS 0.9163

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-306

Status published

Products (2)

oracle/peoplesoft_enterprise 8.59

oracle/peoplesoft_enterprise 8.60

Published Jul 18, 2023

Tracked Since Feb 18, 2026