CVE-2019-2700

{"id": "CVE-2019-2700", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2019-04-23T19:32:56.367", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise ELM component of Oracle PeopleSoft Products (subcomponent: Enterprise Learning Mgmt). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise ELM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise ELM accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el componente PeopleSoft Enterprise ELM de Oracle PeopleSoft Products (subcomponente: Enterprise Learning Mgmt). La versi\u00f3n soportada que se ve impactada es 9.2. Una vulnerabilidad f\u00e1cilmente explotable que permite a un atacante con privilegios bajos con acceso a la red por medio de HTTP comprometer a PeopleSoft Enterprise ELM. Los ataques con \u00e9xito de esta vulnerabilidad pueden conllevar a actualizaciones no autorizadas, introducir o suprimir el acceso a algunos de los datos accesibles de PeopleSoft Enterprise ELM. CVSS versi\u00f3n 3.0 Base Score versi\u00f3n 4.3 (Impactos de integridad). Vector CVSS: (CVSS:3.0/AV:N/AC: L/PR:L/UI:N/S:U/C:N/I:L/A:N)."}], "lastModified": "2024-11-21T04:41:23.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_learning_management:9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C00103B8-F05F-4D95-BDEF-D1684640C1FE"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}