Rewterz Threat Alert – Raccoon Infostealer – Active IOCs
July 21, 2022Rewterz Threat Advisory –Multiple Oracle FLEXCUBE Universal Banking Vulnerabilities
July 21, 2022Rewterz Threat Alert – Raccoon Infostealer – Active IOCs
July 21, 2022Rewterz Threat Advisory –Multiple Oracle FLEXCUBE Universal Banking Vulnerabilities
July 21, 2022Severity
High
Analysis Summary
CVE-2022-21521 CVSS:4.9
An unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools related to the XML Publisher component could allow an authenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVE-2022-21543 CVSS:9.8
An unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools related to the Updates Environment Mgmt component could allow an unauthenticated attacker to take control of the system.
CVE-2022-21520 CVSS:6.1
An unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools related to the Fluid Core component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
Impact
- Information Disclosure
- Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2022-21521
- CVE-2022-21543
- CVE-2022-21520
Affected Vendors
Oracle
Affected Products
- Oracle PeopleSoft Enterprise PeopleTools 8.58
- Oracle PeopleSoft Enterprise PeopleTools 8.59
Remediation
Refer to Oracle Security Advisory for patch, upgrade or suggested workaround information.