Rewterz Threat Advisory – CVE-2022-39420 – Oracle Transportation Management Product Vulnerability
November 7, 2022Rewterz Threat Advisory – ICS: Delta Electronics DIAEnergie Vulnerability
November 7, 2022Rewterz Threat Advisory – CVE-2022-39420 – Oracle Transportation Management Product Vulnerability
November 7, 2022Rewterz Threat Advisory – ICS: Delta Electronics DIAEnergie Vulnerability
November 7, 2022Severity
High
Analysis Summary
CVE-2022-39406
Oracle PeopleSoft Enterprise Common Components could allow a remote authenticated attacker to bypass security restrictions, caused by an improper access control in the Approval Framework component. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to perform unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise Common Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise Common Components accessible data.
Impact
Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-39406
Affected Vendors
Oracle
Affected Products
- Oracle PeopleSoft Enterprise Common Components 9.2
Remediation
Refer to Oracle Security Advisory for patch, upgrade or suggested workaround information.