Description
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Deployment Package). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in the Deployment Package component of Oracle PeopleSoft Enterprise PT PeopleTools. An attacker who can log on to the underlying infrastructure can use the vulnerability to compromise the application, giving them total control over the instance. The consequence is complete loss of confidentiality, integrity and availability for that PeopleSoft deployment, as reflected by the CVSS 3.1 score of 8.4.

Affected Systems

Oracle Corporation’s PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 are affected. No other versions or components are listed as impacted.

Risk and Exploitability

The CVSS score signals a high‑severity condition while the EPSS under 1% indicates a low probability of exploitation in the wild, and the vulnerability is not yet in CISA’s KEV catalog. The likely attack vector is local, requiring logon to the infrastructure hosting the application, and no further privileges are needed once accessed. Successful exploitation would grant the attacker unrestricted control of the PeopleSoft instance.

Generated by OpenCVE AI on June 18, 2026 at 23:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle advisory patch that addresses the Deployment Package vulnerability for PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62.
  • Upgrade to a supported PeopleSoft Enterprise PT PeopleTools release that is not susceptible to this flaw.
  • Restrict physical and network access to the servers running the affected components and enforce strict authentication and role‑based access controls to limit local logon rights.

Generated by OpenCVE AI on June 18, 2026 at 23:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
Title PeopleSoft Enterprise PT PeopleTools Unauthenticated Local Exploit Leading to Full System Compromise

Thu, 18 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Local Exploit Enables Full Takeover of Oracle PeopleSoft Enterprise PT PeopleTools
Weaknesses CWE-264
CWE-862

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Local Exploit Enables Full Takeover of Oracle PeopleSoft Enterprise PT PeopleTools
Weaknesses CWE-264
CWE-269
CWE-862
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Deployment Package). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle peoplesoft Enterprise Pt Peopletools
CPEs cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.61:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.62:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle peoplesoft Enterprise Pt Peopletools
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Oracle Peoplesoft Enterprise Pt Peopletools
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-18T03:56:35.967Z

Reserved: 2026-04-01T20:03:40.835Z

Link: CVE-2026-35272

cve-icon Vulnrichment

Updated: 2026-06-17T14:11:40.623Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T23:45:16Z

Weaknesses
  • CWE-269

    Improper Privilege Management