Description
Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Job Profile Manager). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).
Published: 2026-04-21
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized data modification and disclosure
Action: Apply Patch
AI Analysis

Impact

The vulnerability in Oracle PeopleSoft Enterprise HCM Human Resources allows a high‑privileged attacker with network access via HTTP to exploit the Job Profile Manager component and create, delete, or modify critical data, or gain full access to all accessible data. The flaw can be leveraged without user interaction and compromises confidentiality and integrity.

Affected Systems

Oracle PeopleSoft Enterprise HCM Human Resources version 9.2 is affected. No other versions or vendor products are listed as vulnerable.

Risk and Exploitability

The CVSS 3.1 base score of 6.5 indicates moderate severity, with high‑privileged authentication required and no user interaction. The EPSS score of < 1% indicates a very low but non‑zero exploitation probability, and the vulnerability is not included in the CISA KEV catalog. Attackers would need network access to the HTTP interface of the PeopleSoft instance and possession of application‑level credentials or privileges that exceed normal user rights. Because the flaw permits direct manipulation of critical data, a successful exploit could lead to significant confidentiality and integrity impact for the affected organization.

Generated by OpenCVE AI on April 28, 2026 at 16:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available Oracle patch or update for PeopleSoft Enterprise HCM 9.2 as recommended by Oracle.
  • Restrict inbound HTTP traffic to the PeopleSoft servers to trusted IPs or VPN connections, enforcing network segmentation.
  • Enforce least‑privilege on application accounts and review job profile permissions; monitor audit logs for anomalous modifications.

Generated by OpenCVE AI on April 28, 2026 at 16:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Title High-Privilege HTTP Exploit in Oracle PeopleSoft Enterprise HCM Job Profile Manager Allows Unauthorized Data Modification

Mon, 27 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Title High‑Privilege HTTP Access Allows Unauthorized Data Modification in Oracle PeopleSoft HCM 9.2
Weaknesses CWE-269

Wed, 22 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-306
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 03:00:00 +0000

Type Values Removed Values Added
Title High‑Privilege HTTP Access Allows Unauthorized Data Modification in Oracle PeopleSoft HCM 9.2
Weaknesses CWE-269

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Job Profile Manager). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).
First Time appeared Oracle
Oracle peoplesoft Enterprise Hcm Human Resources
CPEs cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_human_resources:9.2:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle peoplesoft Enterprise Hcm Human Resources
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N'}

Subscriptions

Oracle Peoplesoft Enterprise Hcm Human Resources
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-22T14:20:08.398Z

Reserved: 2026-03-26T19:48:45.675Z

Link: CVE-2026-34280

cve-icon Vulnrichment

Updated: 2026-04-22T14:20:03.367Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-21T21:16:32.340

Modified: 2026-04-23T15:07:57.687

Link: CVE-2026-34280

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T16:15:20Z

Weaknesses