Description
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Published: 2026-04-21
Score: 6.1 Medium
EPSS: n/a
KEV: No
Impact: Unauthorized Data Modification and Read
Action: Apply Patch
AI Analysis

Impact

The Portal component of Oracle PeopleSoft Enterprise PeopleTools contains a vulnerability that an unauthenticated attacker can trigger through HTTP requests. Successful exploitation requires interaction by a person other than the attacker, such as clicking a link or submitting a form. When leveraged, the flaw permits an attacker to update, insert, or delete some data and to read a subset of data that should be protected, thereby affecting confidentiality and integrity. The CVSS 3.1 base score of 6.1 indicates moderate severity, with impacts limited to confidentiality and integrity and no availability loss.

Affected Systems

The affected product is Oracle Corporation’s PeopleSoft Enterprise PeopleTools, specifically the Portal component, in versions 8.61 through 8.62 as shipped.

Risk and Exploitability

The CVSS score of 6.1 classifies the flaw as moderate, while the absence of both an EPSS score and a KEV listing suggests no widely known exploitation at this time. An attacker needs only network access and can reach the flaw through normal HTTP traffic to the portal; however, success still requires interaction by a user other than the attacker, which raises the barrier to exploitation. Overall, the risk is moderate but remains actionable because the flaw affects critical business data and, as the scope-change metric (S:C) in the vector indicates, may impact additional products.

Generated by OpenCVE AI on April 22, 2026 at 05:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security patch for PeopleSoft Enterprise PeopleTools that addresses the unauthenticated portal vulnerability, ensuring that the deployment is upgraded from versions 8.61 or 8.62 to a patched release.
  • Restrict direct HTTP access to the PeopleSoft Portal by implementing network segmentation, firewall rules, or a reverse‑proxy that requires authentication before any portal content can be reached.
  • Enforce stringent access‑control policies on all data‑modification endpoints within PeopleSoft. Verify that only authenticated, authorized users can perform update, insert, or delete operations, and monitor for any anomalous activity.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 03:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Unauthenticated Portal Access Enables Unauthorized Data Modification in Oracle PeopleSoft PeopleTools |
| Weaknesses | | CWE-200, CWE-284, CWE-285 |

Wed, 22 Apr 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Same text as the Description at the top of this page |
| First Time appeared | | Oracle; Oracle peoplesoft Enterprise Peopletools |
| CPEs | | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:*:*:*:*:*:*:*:* |
| Vendors & Products | | Oracle; Oracle peoplesoft Enterprise Peopletools |
| References | | |
| Metrics | | cvssV3_1: {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'} |


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:35:14.651Z

Reserved: 2026-03-26T19:48:45.674Z

Link: CVE-2026-34269

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-21T21:16:30.557

Modified: 2026-04-21T21:16:30.557

Link: CVE-2026-34269

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T05:15:06Z

Weaknesses