Skip to main content

Peoplesoft Enterprise Pt Peopletools CVE-2021-2218

HIGH
2021-04-22 secalert_us@oracle.com
8.3
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
8.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Primary rating from Vendor (oracle) · only source for this CVE.

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Apr 22, 2021 - 22:15 cve.org
HIGH 8.3

DescriptionCVE.org

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Health Center). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L).

AnalysisAI

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Health Center). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Health Center). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). Affected products include: Oracle Peoplesoft Enterprise Pt Peopletools.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2026-35278 CRITICAL
9.8 Jun 16

Remote takeover of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 is possible via the Performance Monitor com

CVE-2026-35271 HIGH
8.7 Jun 16

Unauthenticated remote compromise of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 via the WebLogic componen

CVE-2026-35272 HIGH
8.4 Jun 16

Full compromise of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 is possible via the Deployment Package comp

CVE-2026-35274 HIGH
8.2 Jun 16

Unauthorized data access and modification in Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 allows unauthenti

CVE-2026-35288 HIGH
8.2 Jun 16

Privilege escalation and full takeover in Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 (Deployment Package

CVE-2026-35276 HIGH
8.1 Jun 16

Remote takeover of Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 is possible via the Application Se

CVE-2026-35289 HIGH
8.1 Jun 16

Remote takeover of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 is possible via the Deployment Package comp

CVE-2026-35279 HIGH
8.1 Jun 16

Remote takeover of Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 is possible via the Performance Mo

CVE-2019-12402 HIGH
7.5 Aug 30

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop w

CVE-2019-10086 HIGH
7.3 Aug 20

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for a

CVE-2018-2793 MEDIUM
6.2 Apr 19

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin

CVE-2021-2408 MEDIUM
6.1 Jul 21

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Notification Configur

Share

CVE-2021-2218 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy