CVE-2017-10338
Summary
| CVE | CVE-2017-10338 |
|---|---|
| State | PUBLISHED |
| Assigner | oracle |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-19 17:29:03 UTC |
| Updated | 2025-04-20 01:37:25 UTC |
| Description | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). |
Risk And Classification
Primary CVSS: v3.0 8.2 HIGH from [email protected]
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Problem Types: NVD-CWE-noinfo | Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data.
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 8.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N |
| 2.0 | [email protected] | Primary | 5.8 | AV:N/AC:M/Au:N/C:P/I:P/A:N |
CVSS v3.0 Breakdown
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
CVSS v2.0 Breakdown
AV:N/AC:M/Au:N/C:P/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Peoplesoft Enterprise Prtl Interaction Hub | 9.1.00 | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Oracle Corporation | PeopleSoft Enterprise PRTL Interaction Hub | affected 9.1.00 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle PeopleSoft Products Multiple Flaws Let Remote Users Access and Modify Data, Deny Service, and Gain Elevated Privileges on the Target System - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Oracle Critical Patch Update - October 2017 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Patch, Vendor Advisory |
| Oracle PeopleSoft Enterprise PRTL Interaction Hub CVE-2017-10338 Remote Security Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |