Description
Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purchasing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM Purchasing accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
Published: 2026-04-21
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: Unauthorized Data Access
Action: Patch Immediately
AI Analysis

Impact

The vulnerability resides in the Purchasing component of Oracle PeopleSoft Enterprise SCM Purchasing 9.2. An attacker with low privileges and network access through HTTP can exploit the flaw, resulting in unauthorized access to critical data or to all data accessible to the product. The flaw carries no integrity or availability impact (I:N/A:N in the CVSS vector); its primary effect is loss of confidentiality.

Affected Systems

All installations of Oracle PeopleSoft Enterprise SCM Purchasing version 9.2 are affected. No sub‑edition or patch level details are provided beyond the base version, so any 9.2 deployment without the latest security updates should be considered vulnerable.

Risk and Exploitability

The CVSS v3.1 score of 6.5 indicates moderate severity with a confidentiality impact. No EPSS score is available, and the flaw is not listed in the CISA KEV catalog, which suggests no confirmed exploitation. According to the description and the CVSS vector, the attack vector is the network via HTTP, and a low-privileged attacker can exploit the flaw without user interaction, making it reasonably easy to target.

Generated by OpenCVE AI on April 22, 2026 at 02:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle PeopleSoft Enterprise SCM Purchasing 9.2 patch that addresses vulnerability CVE-2026-34295.
  • Configure network-level controls to restrict HTTP access to only trusted IP ranges or VPNs for the PeopleSoft service.
  • Enforce least‑privilege for application accounts and review access controls to prevent broader data exposure.



Advisories

No advisories yet.

History

Wed, 22 Apr 2026 03:00:00 +0000

Type Values Removed Values Added
Title: Unauthorized Data Access via HTTP in Oracle PeopleSoft Enterprise SCM Purchasing
Weaknesses: CWE-200, CWE-284

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description: the text shown under Description at the top of this record
First Time appeared: Oracle; Oracle peoplesoft Enterprise Scm Purchasing
CPEs: cpe:2.3:a:oracle:peoplesoft_enterprise_scm_purchasing:9.2:*:*:*:*:*:*:*
Vendors & Products: Oracle; Oracle peoplesoft Enterprise Scm Purchasing
References
Metrics: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:35:28.790Z

Reserved: 2026-03-26T19:48:45.677Z

Link: CVE-2026-34295

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-21T21:16:34.477

Modified: 2026-04-21T21:16:34.477

Link: CVE-2026-34295

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T02:45:05Z

Weaknesses