CVE-2024-21255

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 15, 2024

Summary

CVE-2024-21255 is a vulnerability in the XMLPublisher component of Oracle's PeopleSoft Enterprise PeopleTools, affecting versions 8.59, 8.60, and 8.61. It is easily exploitable: a low-privileged attacker with network access over HTTP can exploit it, potentially taking control of the PeopleSoft system. The attack complexity is low and no user interaction is required, which heightens the threat to affected systems. The CVSS 3.1 base score is 8.8, indicating high severity with significant impacts on confidentiality, integrity, and availability. Organizations are advised to apply the patches provided by Oracle to remediate this issue and mitigate the risk of data breaches or system compromise.
