Rewterz Threat Advisory – Multiple Oracle VM VirtualBox Vulnerabilities
January 23, 2023Rewterz Threat Advisory – Multiple Oracle Fusion Middleware Vulnerabilities
January 23, 2023Rewterz Threat Advisory – Multiple Oracle VM VirtualBox Vulnerabilities
January 23, 2023Rewterz Threat Advisory – Multiple Oracle Fusion Middleware Vulnerabilities
January 23, 2023Severity
Medium
Analysis Summary
CVE-2023-21844 CVSS:5.4
An unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools related to the Elastic Search component could allow a remote authenticated attacker to bypass security restrictions resulting in a low confidentiality and integrity impact using unknown attack vectors.
CVE-2023-21831 CVSS:5.3
An unspecified vulnerability in Oracle PeopleSoft Enterprise CS Academic Advisement related to the Advising Notes component could allow a remote attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVE-2023-21845 CVSS:5.4
An unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools related to the Panel Processor component could allow a remote authenticated attacker to bypass security restrictions resulting in a low confidentiality and integrity impact using unknown attack vectors.
Impact
- Security Bypass
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-21844
- CVE-2023-21831
- CVE-2023-21845
Affected Vendors
Oracle
Affected Products
- Oracle PeopleSoft Enterprise PeopleTools 8.59
- Oracle PeopleSoft Enterprise PeopleTools 8.60
- Oracle PeopleSoft Enterprise CS Academic Advisement 9.2
Remediation
Refer to Oracle Critical Patch Update Advisory for patch, upgrade or suggested workaround information.