Severity
Medium
Analysis Summary
CVE-2019-2707 & CVE-2019-2700
1) An error within the “Application Search” subcomponent can be exploited to disclose, update, insert, or delete certain data.
2) An error within the “Enterprise Learning Mgmt” subcomponent can be exploited to update, insert, or delete certain data.
Impact
- Exposure of sensitive information
- Manipulation of data
Affected Vendors
Oracle
Affected Products
Oracle PeopleSoft Enterprise Learning Management 9.2.
Remediation
Apply update.