Description
Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Maintenance Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
Published: 2026-04-21
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized data access
Action: Apply Patch
AI Analysis

Impact

A vulnerability in the Work Order Management component of Oracle PeopleSoft Enterprise FIN Maintenance Management allows a low‑privileged attacker who can reach the application over HTTP to compromise the system. The flaw enables the attacker to read all data exposed by the application, resulting in the disclosure of sensitive financial information. The CVE description does not explicitly state the weakness type; it is inferred that improper access control or authentication is involved, but this inference is not guaranteed.

Affected Systems

Oracle’s PeopleSoft Enterprise FIN Maintenance Management version 9.2, specifically the Work Order Management component, is affected.

Risk and Exploitability

The CVSS 3.1 base score of 6.5 reflects a medium‑severity risk with a low privilege requirement and a network attack vector. EPSS data is unavailable, so the current exploitation probability is unknown, and the vulnerability is not listed in the CISA KEV catalog. Because an attacker only needs network access to the HTTP interface and does not require high privileges, the exploit path is relatively simple, making this a viable threat for environments where the PeopleSoft instance is exposed to untrusted networks.

Generated by OpenCVE AI on April 22, 2026 at 06:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle security patch for PeopleSoft Enterprise FIN Maintenance Management 9.2 as released by Oracle on or after April 2026
  • Restrict HTTP access to the vulnerable component using firewall or reverse‑proxy rules to allow traffic only from trusted IP ranges
  • Review and enforce strict role‑based access controls and ensure authentication is mandatory for any data retrieval operation

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 07:00:00 +0000

Type | Values Removed | Values Added
Title | | Network‑Based Low‑Privilege Data Access in Oracle PeopleSoft FIN Management
Weaknesses | | CWE-284

Wed, 22 Apr 2026 00:00:00 +0000

Type | Values Removed | Values Added
Description | | Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Maintenance Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
First Time appeared | | Oracle; Oracle peoplesoft Enterprise Fin Maintenance Management
CPEs | | cpe:2.3:a:oracle:peoplesoft_enterprise_fin_maintenance_management:9.2:*:*:*:*:*:*:*
Vendors & Products | | Oracle; Oracle peoplesoft Enterprise Fin Maintenance Management
References | |
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-22T13:32:31.793Z

Reserved: 2026-03-26T19:48:45.678Z

Link: CVE-2026-34299

Vulnrichment

Updated: 2026-04-22T13:32:20.991Z

NVD

Status: Analyzed

Published: 2026-04-21T21:16:35.020

Modified: 2026-04-24T14:28:29.457

Link: CVE-2026-34299

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T06:45:10Z

Weaknesses