Rewterz

Rewterz Threat Advisory – Multiple Oracle VM VirtualBox Vulnerabilities

January 23, 2023
Rewterz

Rewterz Threat Advisory – Multiple Oracle Fusion Middleware Vulnerabilities

January 23, 2023

Rewterz Threat Advisory – Multiple Oracle PeopleSoft Enterprise PeopleTools Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-21844 CVSS:5.4

An unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools related to the Elastic Search component could allow a remote authenticated attacker to bypass security restrictions resulting in a low confidentiality and integrity impact using unknown attack vectors.

CVE-2023-21831 CVSS:5.3

An unspecified vulnerability in Oracle PeopleSoft Enterprise CS Academic Advisement related to the Advising Notes component could allow a remote attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.

CVE-2023-21845 CVSS:5.4

An unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools related to the Panel Processor component could allow a remote authenticated attacker to bypass security restrictions resulting in a low confidentiality and integrity impact using unknown attack vectors.

Impact

  • Security Bypass
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2023-21844
  • CVE-2023-21831
  • CVE-2023-21845

Affected Vendors

Oracle

Affected Products

  • Oracle PeopleSoft Enterprise PeopleTools 8.59
  • Oracle PeopleSoft Enterprise PeopleTools 8.60
  • Oracle PeopleSoft Enterprise CS Academic Advisement 9.2

Remediation

Refer to Oracle Critical Patch Update Advisory for patch, upgrade or suggested workaround information.

Oracle Critical Patch Update Advisory

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.