Rewterz Threat Advisory – CVE-2022-39406 – Oracle PeopleSoft Enterprise Common Vulnerability

Rewterz Threat Advisory – CVE-2022-39420 – Oracle Transportation Management Product Vulnerability

November 7, 2022

Rewterz Threat Advisory – ICS: Delta Electronics DIAEnergie Vulnerability

November 7, 2022

Rewterz Threat Advisory – CVE-2022-39406 – Oracle PeopleSoft Enterprise Common Vulnerability

Severity

High

Analysis Summary

CVE-2022-39406

Oracle PeopleSoft Enterprise Common Components could allow a remote authenticated attacker to bypass security restrictions, caused by an improper access control in the Approval Framework component. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to perform unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise Common Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise Common Components accessible data.

Impact

Security Bypass

Indicators Of Compromise

CVE

CVE-2022-39406

Affected Vendors

Oracle

Affected Products

Oracle PeopleSoft Enterprise Common Components 9.2

Remediation

Refer to Oracle Security Advisory for patch, upgrade or suggested workaround information.

Oracle Security Advisory

Rewterz Threat Advisory – CVE-2022-39420 – Oracle Transportation Management Product Vulnerability

Rewterz Threat Advisory – ICS: Delta Electronics DIAEnergie Vulnerability

Rewterz Threat Advisory – CVE-2022-39406 – Oracle PeopleSoft Enterprise Common Vulnerability

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan