Impact
A defect in the Updates Environment Management component of Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62 allows an unauthenticated attacker with network access over HTTP to execute arbitrary code and ultimately take over the application. The vulnerability is easily exploited and causes loss of confidentiality, integrity, and availability, with the attacker gaining full control of the affected system. The weakness is an authentication bypass, identified as CWE-306. Because the arbitrary code execution is reachable over the network, the outcome is inferred to be remote code execution.
Affected Systems
The affected systems are Oracle Corporation’s PeopleSoft Enterprise PeopleTools, specifically the 8.61 and 8.62 releases.
Risk and Exploitability
This flaw carries a CVSS 3.1 base score of 9.8 and an EPSS score of 92 percent, indicating a high probability of exploitation. It is listed in the CISA KEV catalog, which suggests it has been reported or is actively exploited in the wild. Because the vulnerability can be triggered via an unauthenticated HTTP request, a real‑world attacker could compromise multiple systems with minimal effort.