Impact
A vulnerability in the PeopleSoft Enterprise PT PeopleTools Application Server allows an unauthenticated attacker with network access via HTTP to compromise the system. This missing‑authentication flaw, identified as CWE‑306, enables the attacker to bypass authentication controls. Successful exploitation can lead to a full takeover, resulting in complete loss of confidentiality, integrity, and availability for the affected system.
Affected Systems
Oracle PeopleSoft’s PeopleTools product, versions 8.61 and 8.62, is affected. The issue resides in the application server component of the product.
Risk and Exploitability
The vulnerability carries a CVSS 3.1 base score of 8.1, indicating high severity. The EPSS score is less than 1%, suggesting a low probability of exploitation at this time, and the issue is not listed in the CISA KEV catalog. The attack vector is inferred to be network-based, requiring HTTP connectivity to the vulnerable application server.
OpenCVE Enrichment