CVE-2024-21214

8.1 HIGH

📋 TL;DR

This vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows authenticated attackers with low privileges to perform unauthorized data manipulation and access via HTTP. It affects PeopleSoft Enterprise PeopleTools versions 8.59, 8.60, and 8.61. Attackers can create, delete, or modify critical data and access sensitive information.

💻 Affected Systems

Products:
  • Oracle PeopleSoft Enterprise PeopleTools
Versions: 8.59, 8.60, 8.61
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Query component specifically. Exploitation requires network access via HTTP and a low-privileged authenticated account.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of PeopleSoft data including unauthorized creation, deletion, or modification of critical business data and exposure of all accessible sensitive information.

🟠

Likely Case

Unauthorized data access and manipulation by authenticated users with low privileges, potentially leading to data breaches or business process disruption.

🟢

If Mitigated

Limited impact if proper network segmentation, access controls, and monitoring are in place to detect and block exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Oracle describes it as 'easily exploitable' but requires authenticated access. No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches from Oracle Critical Patch Update October 2024

Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2024.html

Restart Required: Yes

Instructions:

1. Review the Oracle Critical Patch Update Advisory for October 2024.
2. Download the appropriate patches for your PeopleTools version.
3. Apply the patches following Oracle's PeopleTools patching procedures.
4. Restart affected services.

🔧 Temporary Workarounds

Network Access Restriction

Applies to: all

Restrict network access to PeopleSoft applications to trusted IP addresses and networks only.

Privilege Reduction

Applies to: all

Review and reduce privileges for all user accounts, especially those with Query access.

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to PeopleSoft applications
  • Enhance monitoring and logging of Query component activities and review for suspicious patterns

🔍 How to Verify

Check if Vulnerable:

Check PeopleTools version via PeopleSoft application menu: Main Menu > PeopleTools > Utilities > Administration > PeopleTools Version

Check Version:

Not applicable - use the PeopleSoft application interface as described above.

Verify Fix Applied:

Verify patch application through PeopleSoft Change Assistant, or by checking the patch status against Oracle's documentation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Query activity patterns
  • Multiple failed query attempts followed by successful ones
  • Query operations from unusual user accounts or IP addresses

Network Indicators:

  • HTTP requests to Query endpoints with unusual parameters
  • Bursts of Query-related traffic

SIEM Query:

source="peoplesoft" AND (event_type="query" OR component="query") AND (result="success" OR action="modify" OR action="delete") | stats count by user, src_ip
