Impact
The flaw lies in the Deployment Package component of Oracle PeopleSoft Enterprise PT PeopleTools. An attacker who can log on to the underlying infrastructure can use the vulnerability to compromise the application, giving them total control over the instance. The consequence is complete loss of confidentiality, integrity and availability for that PeopleSoft deployment, as reflected by the CVSS 3.1 score of 8.4.
Affected Systems
Oracle Corporation’s PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 are affected. No other versions or components are listed as impacted.
Risk and Exploitability
The CVSS score signals a high‑severity condition while the EPSS under 1% indicates a low probability of exploitation in the wild, and the vulnerability is not yet in CISA’s KEV catalog. The likely attack vector is local, requiring logon to the infrastructure hosting the application, and no further privileges are needed once accessed. Successful exploitation would grant the attacker unrestricted control of the PeopleSoft instance.
OpenCVE Enrichment