Impact
The issue lies in the Research Tracking component of Oracle PeopleSoft Enterprise CS Student Records 9.2, permitting a low‑privileged, network‑based attacker to compromise the system over HTTP. The flaw represents an improper access control weakness, as it allows an attacker to bypass authorization controls. Although the exploit requires human interaction from a user other than the attacker, the specific steps are not fully described. If successful, an attacker can read or potentially manipulate all data available in the PeopleSoft system, resulting in significant confidentiality loss.
Affected Systems
Oracle Corporation's PeopleSoft Enterprise CS Student Records product, version 9.2, is affected. The vulnerability is limited to the Research Tracking component within that version.
Risk and Exploitability
The CVSS v3.1 base score of 5.7 indicates moderate risk, with a high impact on confidentiality. The EPSS score is not available, and the issue is not listed in the CISA KEV catalog, suggesting it is not a widely exploited vulnerability at present. The attacker needs network access with low privileges and may need a target user to perform an action; the exact human interaction requirement is not specified, so environments where administrators or privileged users can be inadvertently prompted into that action are plausible targets. The attack vector is likely over the network via HTTP, and the exploit path relies on weaknesses in access control. Until mitigation is applied, the risk remains moderate, but it could worsen if attackers learn more about the flaw.
OpenCVE Enrichment