Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.1
CVE-2018-2986: Oracle PeopleSoft PeopleTools Workflow Component Exposes Sensitive Data
CVE-2018-2986
Summary
If an attacker with access to the PeopleSoft system uses a specific exploit, they can delete or modify data and read sensitive information in the PeopleSoft system, even if they're not authorized. This affects PeopleSoft systems running versions 8.55 and 8.56. To protect your system, apply the latest security patches as soon as possible.
Original title
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Supported versions that are affected are 8.55 and 8.56. Easily exploitable v...
Original description
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
osv CVSS3.1
6.1
- http://www.securitytracker.com/id/1041306 Vendor Advisory
- http://www.securityfocus.com/bid/104824 Vendor Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Patch
Published: 18 Jul 2018 · Updated: 15 Mar 2026 · First seen: 15 Mar 2026