AI description
CVE-2023-22047 is a vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft, specifically affecting versions 8.59 and 8.60. The affected component is the Portal. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful exploitation can lead to unauthorized access to critical data or complete access to all accessible PeopleSoft Enterprise PeopleTools data.
- Description: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
- Source: secalert_us@oracle.com
- NVD status: Modified
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
- nvd@nist.gov: NVD-CWE-noinfo
- 134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-306
GitHub - tuo4n8/CVE-2023-22047: Leveraging arbitrary file read to RCE on Oracle PeopleSoft https://t.co/hgiAd9TtDK
@akaclandestine
6 Apr 2025
🚨 CVE-2023-22047 - high 🚨 Oracle Peoplesoft - Unauthenticated File Read > Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (... 👾 https://t.co/6n6aAuWPtz @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
2 Apr 2025
Submitted this bug to ZDI a long time ago, but they weren’t interested 🥲. Later sent to Oracle, marked dup of CVE-2023-22047. CVSS 7.5 but leads to unauth RCE. Fortunately, some big programs accepted it. Check exploit here : https://t.co/1BilcgLUzR #BugBounty #InfoSec #Oracle
@tuo4n8
2 Apr 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise:8.59:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B858521F-E74C-4D14-B3E1-34864B101A45"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise:8.60:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7484EC21-A034-431D-87FD-80F189104572"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]