CVE-2017-3577
Summary
| CVE | CVE-2017-3577 |
|---|---|
| State | PUBLISHED |
| Assigner | oracle |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-04-24 19:59:05 UTC |
| Updated | 2025-04-20 01:37:25 UTC |
| Description | Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). The supported version that is affected is 9.2. Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CS Campus Community accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). |
Risk And Classification
Primary CVSS: v3.0 6.5 MEDIUM from [email protected]
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Problem Types: NVD-CWE-noinfo | Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CS Campus Community accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data.
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
| 2.0 | [email protected] | Primary | 6.5 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
CVSS v3.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
HighUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
NoneCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
SingleConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:S/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Peoplesoft Enterprise Cs Campus Community | 9.2 | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Oracle Corporation | PeopleSoft Enterprise CS Campus Community | affected 9.2 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle Critical Patch Update - April 2017 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Vendor Advisory |
| Oracle PeopleSoft Enterprise CS Campus Community CVE-2017-3577 Remote Security Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Oracle PeopleSoft Products Multiple Flaws Let Remote Users Access and Modify Data and Deny Service on the Target System - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.