Description
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Deployment Package). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).
Published: 2026-06-16
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Unauthenticated network requests to the Deployment Package component of Oracle PeopleSoft Enterprise PT PeopleTools allow an attacker to read or modify critical data without authentication. The vulnerability is exploitable over HTTP and can expose confidential information (Confidentiality Impact: High) and enable data tampering (Integrity Impact: Low). The severity is reflected in a CVSS 3.1 Base Score of 8.2.

Affected Systems

Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 are affected. No other versions were listed as vulnerable.

Risk and Exploitability

The vulnerability has an Attack Vector of Network, Access Complexity of Low, no Privileges Required, no User Interaction, and is Unchanged Scope. The EPSS score is under 1%, indicating a low probability of exploitation in the wild, and it is not listed in the CISA KEV catalog. Attackers can target the publicly reachable Deployment Package endpoint to extract or alter data, assuming the application is exposed to the internet or an internal network without additional defenses.

Generated by OpenCVE AI on June 17, 2026 at 20:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle security patch that addresses CVE-2026-35274.
  • Restrict network access to the PeopleSoft application by configuring firewall rules or VPN to allow only trusted hosts.
  • Disable or secure the Deployment Package component if it is not required for operations.

Generated by OpenCVE AI on June 17, 2026 at 20:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Deployment Package). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).
First Time appeared Oracle
Oracle peoplesoft Enterprise Pt Peopletools
CPEs cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.61:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.62:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle peoplesoft Enterprise Pt Peopletools
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

Subscriptions

Oracle Peoplesoft Enterprise Pt Peopletools
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:14:53.606Z

Reserved: 2026-04-01T20:03:40.835Z

Link: CVE-2026-35274

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T22:00:12Z

Weaknesses

No weakness.