Rewterz Threat Advisory – Oracle PeopleSoft Enterprise Learning Management Multiple Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2019-2707 & CVE-2019-2700

1) An error within the “Application Search” subcomponent can be exploited to disclose, update, insert, or delete certain data.

2) An error within the “Enterprise Learning Mgmt” subcomponent can be exploited to update, insert, or delete certain data.

Impact

• Exposure of sensitive information
• Manipulation of data

Affected Vendors

Oracle

Affected Products

Oracle PeopleSoft Enterprise Learning Management 9.2.

Remediation

Apply update.

https://support.oracle.com/rs?type=doc&id=2522908.1