CVE-2022-21300

CVSS 3.1 Base Score 7.5 (HIGH)

📋 TL;DR

An unauthenticated attacker with network access via HTTP can read sensitive data from Oracle PeopleSoft Enterprise CS SA Integration Pack (Snapshot Integration component). Supported versions 9.0 and 9.2 are affected. The impact is to confidentiality only (no integrity or availability impact), but it can extend to all data the Integration Pack can reach, and no credentials or user interaction are needed.

💻 Affected Systems

Products:
  • Oracle PeopleSoft Enterprise CS SA Integration Pack
Versions: 9.0 and 9.2
Operating Systems: Not OS-specific - affects PeopleSoft application
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Snapshot Integration component specifically. Requires PeopleSoft Enterprise Campus Solutions with SA Integration Pack.

📦 What is this software?

PeopleSoft Campus Solutions is Oracle's student administration system for higher education. The CS SA Integration Pack (Student Administration Integration Pack) is the Campus Solutions component that exchanges student, course and enrollment data with external systems such as learning management systems; Snapshot Integration is the part of that pack named in Oracle's advisory.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of all accessible PeopleSoft Enterprise CS SA Integration Pack data, including sensitive student administration information.

🟠

Likely Case

Unauthorized access to confidential student records, academic data, and integration-related information.

🟢

If Mitigated

Limited or no data exposure if proper network segmentation and access controls are implemented.

🌐 Internet-Facing: HIGH - Unauthenticated HTTP access makes internet-facing instances extremely vulnerable.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable but may have additional network controls.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N: network-reachable, low attack complexity, no privileges or user interaction required, high confidentiality impact and no integrity or availability impact. Exploitation is therefore straightforward for anyone who can reach the PIA web tier, but the outcome is data disclosure rather than code execution or tampering.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: There is no single patch version; apply the PeopleSoft patches listed for this CVE in the Oracle Critical Patch Update of January 2022 (CPU Jan 2022).

Vendor Advisory: https://www.oracle.com/security-alerts/cpujan2022.html

Restart Required: Yes

Instructions:

1. Download the PeopleSoft CPU patches for your application release (9.0 or 9.2) from My Oracle Support.
2. Apply them with PeopleSoft Change Assistant, following your standard PeopleSoft patching procedure (non-production environment first).
3. Restart the application server and PIA web server domains.
4. Test Snapshot Integration and the integrations that depend on it.

🔧 Temporary Workarounds

Network Segmentation

Restrict HTTP(S) access to the PeopleSoft web tier (PIA) to trusted networks only. An accept rich rule only narrows access if the port is not also opened zone-wide, so remove any blanket `--add-service=http` / `--add-port` entries first, and add a matching rule for the HTTPS listener.

```bash
# Allow the PIA HTTP listener only from the trusted network. 80 is the PIA
# installer default; substitute the port your WebLogic PIA domain actually uses
# and replace TRUSTED_NETWORK with a CIDR (e.g. 10.0.0.0/8).
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="TRUSTED_NETWORK" port port="80" protocol="tcp" accept'
firewall-cmd --reload
```

Web Application Firewall


Deploy a WAF in front of the PIA web tier and allow-list the Snapshot Integration endpoints to the source addresses of the systems that legitimately call them. Oracle's advisory publishes no request signature for this flaw, so positive allow-listing by source is more reliable than a blocking rule.

🧯 If You Can't Patch

  • Implement strict network access controls to limit HTTP access to PeopleSoft instances
  • Monitor for unusual access patterns to Snapshot Integration endpoints and review access logs regularly

🔍 How to Verify

Check if Vulnerable:

Check the application release of the Campus Solutions database: the affected product is the CS SA Integration Pack at application release 9.0 or 9.2, not a PeopleTools version. The PeopleTools release matters only for matching the CPU patch prerequisites.

Check Version:

```sql
-- Application release label (e.g. 'CS 9.20.000'); PSSTATUS has no VERSION/PLATFORM_NAME columns
SELECT RELEASELABEL, RELEASEDTTM FROM PSRELEASE ORDER BY RELEASEDTTM DESC;
-- PeopleTools release, for the CPU's patch prerequisites
SELECT TOOLSREL FROM PSSTATUS;
```

Verify Fix Applied:

Verify patch application through PeopleSoft Change Assistant and confirm that the January 2022 CPU update IDs listed for this CVE are installed; the Maintenance Log page in PIA also lists applied updates.

📡 Detection & Monitoring

Log Indicators:

  • HTTP 200 responses to requests for Snapshot Integration endpoints that carry no PeopleSoft session (no PS_TOKEN cookie)
  • Unusual data access patterns from unexpected IP addresses

Network Indicators:

  • HTTP traffic to PeopleSoft instances from unauthorized sources
  • Bursts of data extraction from integration endpoints

SIEM Query (field names are placeholders; map uri, status and user onto your log source's schema):

source="peoplesoft_logs" AND (uri="*snapshot*" OR uri="*integration*") AND status="200" AND user="anonymous"

PeopleSoft sessions are cookie-based (PS_TOKEN), so the web server's remote-user field is not populated by PeopleSoft logins; in practice "anonymous" means a request that presented no PS_TOKEN cookie, which your access-log format may need to record explicitly.
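As an added worked example (not from this page or from Oracle), the following Python applies the same filter as the SIEM query above to constructed access-log lines and adds the burst check from the network indicators. It assumes an extended-CLF log layout whose last field records the PS_TOKEN session cookie, or "-" when none was presented; real WebLogic/OHS access-log formats differ, so LOG_RE must be adjusted, and the /integration/snapshot paths are placeholders rather than documented product endpoints.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample lines, not real PeopleSoft traffic. Assumed layout:
# client IP, timestamp, request line, HTTP status, response bytes, and a last
# field holding the PS_TOKEN session cookie or "-" when no session was sent.
# The /integration/snapshot paths are placeholders, not documented product URLs;
# tune INTEGRATION_URI to the endpoints in your own deployment.
SAMPLE_LOG = """\
10.0.5.21 [12/Feb/2022:10:01:03 +0000] "GET /psc/ps/EMPLOYEE/SA/c/PLACEHOLDER.GBL HTTP/1.1" 200 18320 PS_TOKEN=9c1f2a
198.51.100.7 [12/Feb/2022:10:02:10 +0000] "GET /integration/snapshot/export?term=2221 HTTP/1.1" 200 512000 -
198.51.100.7 [12/Feb/2022:10:02:14 +0000] "GET /integration/snapshot/export?term=2222 HTTP/1.1" 200 498112 -
198.51.100.7 [12/Feb/2022:10:02:19 +0000] "GET /integration/snapshot/export?term=2223 HTTP/1.1" 200 503004 -
10.0.5.40 [12/Feb/2022:10:03:00 +0000] "GET /integration/snapshot/status HTTP/1.1" 200 311 PS_TOKEN=77ab04
203.0.113.9 [12/Feb/2022:10:04:41 +0000] "GET /integration/snapshot/export HTTP/1.1" 401 0 -
203.0.113.9 [12/Feb/2022:10:05:02 +0000] "GET /psp/ps/?cmd=login HTTP/1.1" 200 4102 -
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) (?P<session>\S+)$'
)
# Same URI filter as the SIEM query: *snapshot* OR *integration*
INTEGRATION_URI = re.compile(r"snapshot|integration", re.IGNORECASE)


@dataclass
class AccessRecord:
    ip: str
    ts: datetime
    method: str
    uri: str
    status: int
    nbytes: int
    session: str  # "-" means no PS_TOKEN cookie on the request


def parse_line(line: str):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return AccessRecord(
        ip=m["ip"],
        ts=datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        method=m["method"],
        uri=m["uri"],
        status=int(m["status"]),
        nbytes=int(m["bytes"]),
        session=m["session"],
    )


def is_unauthenticated_integration_hit(rec: AccessRecord) -> bool:
    """A successful (200) request to an integration/snapshot path with no
    PeopleSoft session. A 401 on the same path is the endpoint doing its job."""
    return (
        rec.status == 200
        and rec.session == "-"
        and INTEGRATION_URI.search(rec.uri) is not None
    )


def analyze(log_text: str, burst_threshold: int = 3, window_seconds: int = 60):
    """Group flagged requests by source IP; report hit count, bytes pulled, and
    whether at least burst_threshold hits fall inside any window_seconds span."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_unauthenticated_integration_hit(rec):
            hits[rec.ip].append(rec)

    findings = {}
    for ip, recs in hits.items():
        recs.sort(key=lambda r: r.ts)
        burst, start = False, 0
        for end in range(len(recs)):  # sliding window over sorted timestamps
            while (recs[end].ts - recs[start].ts).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= burst_threshold:
                burst = True
                break
        findings[ip] = {
            "hits": len(recs),
            "bytes": sum(r.nbytes for r in recs),
            "burst": burst,
            "uris": [r.uri for r in recs],
        }
    return findings


if __name__ == "__main__":
    for ip, f in analyze(SAMPLE_LOG).items():
        label = "BURST" if f["burst"] else "isolated"
        print(f"{ip}: {f['hits']} unauthenticated integration hits, {f['bytes']} bytes [{label}]")
```

On the constructed input only 198.51.100.7 is reported: three unauthenticated 200s to the snapshot path within nine seconds, about 1.5 MB pulled, flagged as a burst. The authenticated requests, the 401 and the login page hit are all dropped, which is the distinction the SIEM query's status and user clauses are meant to draw.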

🔗 References

  • Oracle Critical Patch Update Advisory, January 2022: https://www.oracle.com/security-alerts/cpujan2022.html
  • NVD entry for CVE-2022-21300: https://nvd.nist.gov/vuln/detail/CVE-2022-21300
