CVE-2022-21543

9.8 CRITICAL

📋 TL;DR

CVE-2022-21543 is a critical (CVSS 3.1 base score 9.8) vulnerability in the Updates Environment Management component of Oracle PeopleSoft Enterprise PeopleTools. An unauthenticated attacker with network access via HTTP can exploit it with low complexity and no user interaction; Oracle rates the outcome as takeover of PeopleSoft Enterprise PeopleTools, meaning complete compromise of the affected instance's confidentiality, integrity and availability. Supported versions affected are 8.58 and 8.59. The fix shipped in Oracle's July 2022 Critical Patch Update.

💻 Affected Systems

Products:
  • Oracle PeopleSoft Enterprise PeopleTools
Versions: 8.58 and 8.59
Operating Systems: All supported platforms running PeopleSoft
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Updates Environment Management component. All installations with these versions are vulnerable by default.

📦 What is this software?

Oracle PeopleSoft is a suite of enterprise applications (HCM, Financials and Supply Chain, Campus Solutions and others). PeopleTools is the development and runtime platform underneath every PeopleSoft application: the application server, the Pure Internet Architecture (PIA) web tier, Process Scheduler, Change Assistant and the Environment Management Framework used to apply updates. Because every PeopleSoft deployment runs on PeopleTools, a PeopleTools vulnerability reaches every application built on it.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system takeover allowing attackers to steal sensitive data, modify or delete information, disrupt operations, and establish persistent access.

🟠 Likely Case: Remote code execution leading to data exfiltration, ransomware deployment, or lateral movement within the network.

🟢 If Mitigated: Limited impact if systems are properly segmented, monitored, and patched promptly.

🌐 Internet-Facing: HIGH - Unauthenticated network access via HTTP makes internet-facing systems extremely vulnerable.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to network-based attacks from compromised internal hosts.

🎯 Exploit Status

Public PoC: ❌ No (none known at the time of writing)
Weaponized: LIKELY (an estimate based on severity; no in-the-wild activity is cited here)
Unauthenticated Exploit: ⚠️ Yes (CVSS PR:N)
Complexity: LOW (CVSS AC:L)

The 9.8 score corresponds to the CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: reachable over the network, low attack complexity, no privileges and no user interaction required, with full confidentiality, integrity and availability impact. The score describes the conditions for exploitation, not the availability of an exploit. No public PoC is known, so the "likely" weaponization rating is a judgement based on severity and on the fact that Oracle PeopleSoft is a well-known, frequently internet-exposed target, not on observed attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply Critical Patch Update from July 2022 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2022.html

Restart Required: Yes

Instructions:

1. Download the July 2022 Critical Patch Update (or a later one) for your PeopleTools release line (8.58 or 8.59) from My Oracle Support.
2. Apply the PeopleTools patch following Oracle's PeopleTools patching procedures, normally with Change Assistant. PeopleTools patches update the database as well as every web, application server and Process Scheduler tier, so patch all tiers of each environment, not only the database.
3. Restart the affected PeopleSoft services (web server domains, application server domains and Process Scheduler domains).
4. Test functionality after patching and confirm the reported PeopleTools release is the patched level.

🔧 Temporary Workarounds

Network Segmentation (applies to: all platforms)

Restrict network access to PeopleSoft systems to trusted sources only. Use firewall rules to limit HTTP/HTTPS access to the PeopleSoft web tier to authorized IP ranges, and do not expose the web tier directly to the internet unless the business requires it.

Web Application Firewall (applies to: all platforms)

Deploy a WAF in front of the PIA web tier and configure it to monitor and block suspicious HTTP requests to PeopleSoft endpoints. Because no public PoC is known, a signature specific to this CVE may not be available; rely on source allowlisting, rate limiting and anomaly rules rather than on a single signature.

🧯 If You Can't Patch

  • Isolate affected systems from internet and restrict internal network access
  • Implement strict monitoring and alerting for suspicious activity on PeopleSoft servers

🔍 How to Verify

Check if Vulnerable:

Read the PeopleTools release of every environment (including non-production copies, which are often less protected). Any 8.58.x or 8.59.x instance that has not received the July 2022 or a later PeopleTools CPU patch is affected.

Check Version:

Query the PeopleTools release from the database: SELECT TOOLSREL FROM PSSTATUS; (PSSTATUS.TOOLSREL holds the release, for example 8.59.05). The same value is shown in the PIA "About PeopleSoft" dialog and by Change Assistant. Check the web tier separately as well, since the web, application server and Process Scheduler tiers are patched individually and can drift from the database.

Verify Fix Applied:

After patching and restarting, confirm that PSSTATUS.TOOLSREL and each tier report the PeopleTools patch level that the July 2022 CPU maps to for your release line, and keep Change Assistant's record of the applied patch as evidence.
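The version check above is easy to get wrong at scale, because TOOLSREL is a padded CHAR value, some environments report a bare "8.59", and an unlisted line such as 8.57 must not be reported as "safe". The following script is an added example written for this page, not Oracle tooling: it parses the release string and classifies each environment. The fixed patch levels are deliberately not hardcoded, since this page does not name them; the values in the sample inventory are placeholders (an assumption) that an operator replaces with the levels from the July 2022 CPU advisory.

```python
"""Classify PeopleTools release strings against the CVE-2022-21543 affected lines.

Added example for this page (not Oracle's tooling). The release string comes
from:   SELECT TOOLSREL FROM PSSTATUS;   (or the PIA "About PeopleSoft" dialog).
The fixed patch levels are NOT hardcoded here because this page does not name
them: read them from the July 2022 CPU advisory and pass them in.
"""
import re
from typing import Dict, Iterable, Optional, Tuple

# Supported release lines Oracle lists as affected by CVE-2022-21543.
AFFECTED_LINES = {"8.58", "8.59"}

# "8.59.05", "8.59.05   " (CHAR padding), or a bare "8.59".
_RELEASE_RE = re.compile(r"^\s*(\d+)\.(\d{2})(?:\.(\d{1,3}))?\s*$")


def parse_release(toolsrel: str) -> Optional[Tuple[str, int]]:
    """Split '8.59.05' into ('8.59', 5). Returns None for unparseable input."""
    m = _RELEASE_RE.match(toolsrel)
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3)
    return f"{major}.{minor}", int(patch) if patch else 0


def classify_release(toolsrel: str, fixed_levels: Dict[str, int]) -> str:
    """Return one of: 'not-listed-line', 'patched', 'vulnerable',
    'unknown-fix-level', 'unparseable'.

    fixed_levels maps an affected line to the first patch level that contains
    the July 2022 CPU fix, e.g. {"8.59": N} with N taken from the advisory.
    A line that is affected but missing from fixed_levels is reported as
    'unknown-fix-level' rather than silently treated as patched. A line Oracle
    does not list (e.g. an out-of-support 8.57) is 'not-listed-line', which
    means "not assessed by the advisory", not "safe".
    """
    parsed = parse_release(toolsrel)
    if parsed is None:
        return "unparseable"
    line, patch = parsed
    if line not in AFFECTED_LINES:
        return "not-listed-line"
    fixed = fixed_levels.get(line)
    if fixed is None:
        return "unknown-fix-level"
    # A bare "8.59" parses as patch 0, i.e. below any CPU patch level.
    return "patched" if patch >= fixed else "vulnerable"


def triage(rows: Iterable[Tuple[str, str]], fixed_levels: Dict[str, int]) -> Dict[str, str]:
    """rows: (environment_name, toolsrel) pairs. Returns environment -> verdict."""
    return {env: classify_release(rel, fixed_levels) for env, rel in rows}


if __name__ == "__main__":
    # Constructed sample inventory. The patch levels in FIXED are placeholders
    # (assumption), not the real July 2022 CPU levels: take those from Oracle.
    FIXED = {"8.58": 20, "8.59": 8}
    INVENTORY = [
        ("hr-prod", "8.59.05   "),   # CHAR padding as returned by some clients
        ("fin-prod", "8.59.11"),
        ("hr-dev", "8.58.19"),
        ("legacy", "8.57.12"),       # not in Oracle's supported/affected list
        ("sandbox", "8.59"),         # base release, no patch component
        ("broken", "n/a"),
    ]
    for env, verdict in triage(INVENTORY, FIXED).items():
        print(f"{env:10s} {verdict}")
```

Feed it the output of the PSSTATUS query from each environment and treat anything other than "patched" as an open item; "not-listed-line" environments should be escalated rather than closed, since an unsupported release receives no fix at all.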

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to PeopleSoft endpoints
  • Unexpected process execution on PeopleSoft servers
  • Requests that reach PeopleSoft functionality without a corresponding sign-on in the sign-on audit (the vulnerability needs no credentials, so activity with no matching login is the signal, not failed logins)

Network Indicators:

  • Suspicious HTTP traffic patterns to PeopleSoft servers
  • Unexpected outbound connections from PeopleSoft systems

SIEM Query:

source="peoplesoft*" AND (http_method="POST" OR http_method="GET") AND (uri_contains="/psp/" OR uri_contains="/psc/") AND status>=400

This query (written in generic SIEM pseudo-syntax; adapt field names to your platform) only surfaces failed requests, which is useful for spotting probing but misses successful exploitation, since a working exploit returns a 2xx. Pair it with a second rule that alerts on POST requests to PeopleSoft paths from sources outside the authorized IP ranges regardless of status, and with host-based alerting on unexpected child processes of the web and application server processes.
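To make the detection logic concrete, here is an added example for this page (not a vendor or SIEM rule) that runs the same idea over web-server access-log lines in combined log format. It adds the two refinements a status>=400 filter lacks: POSTs to PeopleSoft paths from sources outside the allowed ranges are flagged whatever the status code, and repeated 4xx/5xx responses from one source are treated as probing. The log lines and the allowed network ranges are constructed for the example and are assumptions, not data from any real deployment.

```python
"""Flag PeopleSoft web-tier requests worth investigating for CVE-2022-21543.

Added example for this page, not a vendor or SIEM rule. Runs over access-log
lines in combined log format. The sample lines and allowed ranges below are
constructed (assumptions), not real data.
"""
import ipaddress
import re
from collections import Counter

PS_PATHS = ("/psp/", "/psc/")   # PeopleSoft portal and content servlet paths
ERROR_BURST = 3                 # this many 4xx/5xx from one source = probing

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one combined-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_peoplesoft_uri(uri):
    return any(uri.startswith(p) for p in PS_PATHS)


def analyze(lines, allowed_networks):
    """Return an ordered, de-duplicated list of (source_ip, reason) findings.

    allowed_networks: CIDR strings for sources that may reach the web tier.
    Two rules:
      1. ERROR_BURST or more 4xx/5xx responses on PeopleSoft paths from one
         source (probing, the part the status>=400 SIEM query catches).
      2. Any POST to a PeopleSoft path from outside allowed_networks, regardless
         of status (the part the status filter misses: a successful request).
    """
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    errors = Counter()
    findings, seen = [], set()

    def add(ip, reason):
        if (ip, reason) not in seen:
            seen.add((ip, reason))
            findings.append((ip, reason))

    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_peoplesoft_uri(rec["uri"]):
            continue
        try:
            trusted = any(ipaddress.ip_address(rec["ip"]) in n for n in nets)
        except ValueError:          # hostname or garbage in the client field
            trusted = False
        if rec["status"] >= 400:
            errors[rec["ip"]] += 1
            if errors[rec["ip"]] == ERROR_BURST:
                add(rec["ip"], "error burst on PeopleSoft paths")
        if rec["method"] == "POST" and not trusted:
            add(rec["ip"], "POST to PeopleSoft path from untrusted source")
    return findings


# Constructed sample log (assumption): 10.20.0.0/16 is the trusted user range.
SAMPLE_LOG = [
    '10.20.0.5 - - [12/Jul/2022:09:00:01 +0000] "GET /psp/ps/EMPLOYEE/HRMS/h/?tab=DEFAULT HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Jul/2022:09:00:02 +0000] "POST /psc/ps/EMPLOYEE/HRMS/c/ HTTP/1.1" 200 312',
    '203.0.113.9 - - [12/Jul/2022:09:00:03 +0000] "GET /psc/ps/EMPLOYEE/HRMS/x HTTP/1.1" 404 0',
    '203.0.113.9 - - [12/Jul/2022:09:00:04 +0000] "GET /psp/ps/admin HTTP/1.1" 403 0',
    '203.0.113.9 - - [12/Jul/2022:09:00:05 +0000] "POST /psc/ps/EMPLOYEE/ HTTP/1.1" 500 0',
    '10.20.0.5 - - [12/Jul/2022:09:00:06 +0000] "GET /index.html HTTP/1.1" 200 100',
]
ALLOWED = ["10.20.0.0/16"]

if __name__ == "__main__":
    for ip, reason in analyze(SAMPLE_LOG, ALLOWED):
        print(f"{ip:15s} {reason}")
```

In the sample, the external host that posts once and receives a 200 is reported even though the status-based query would never see it, while the trusted internal user generates no finding. In production, replace SAMPLE_LOG with a tail of the PIA web server access log and ALLOWED with the ranges your segmentation rules permit.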

🔗 References

  • Oracle Critical Patch Update Advisory, July 2022: https://www.oracle.com/security-alerts/cpujul2022.html
  • NVD entry for CVE-2022-21543: https://nvd.nist.gov/vuln/detail/CVE-2022-21543
