Description
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). Supported versions that are affected are 8.61 and 8.62. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Performance Monitor component of Oracle PeopleSoft Enterprise PT PeopleTools allows an unauthenticated attacker with network access through HTTP to gain full control over the application. The vulnerability can lead to a complete takeover, compromising confidentiality, integrity, and availability. It is classified as a high‑severity issue with a CVSS v3.1 Base Score of 8.1, indicating that a successful exploit can result in remote code execution and system compromise.

Affected Systems

Affected versions are Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62. Any installation of these releases is vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 8.1 points to significant risk, while the EPSS score of less than 1% suggests that exploitation is not yet widespread. The vulnerability is not listed in CISA’s KEV catalog, indicating no known public exploits. The attack vector is inferred to be remote over HTTP, requiring no authentication, and requires an attacker to be able to send HTTP requests to the application. Successful exploitation would grant the attacker full control over the PeopleSoft instance.

Generated by OpenCVE AI on June 18, 2026 at 23:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle PeopleSoft Enterprise PT PeopleTools patch for versions 8.61 and 8.62 as detailed in the Oracle security advisory.
  • If a patch is not yet available, restrict network access to the PeopleSoft application by firewall rules so that only trusted internal networks can reach the HTTP interface.
  • Configure the Performance Monitor component to require authenticated access and enforce least privilege if such settings exist.
  • Monitor application logs for unusual or unauthenticated Performance Monitor requests to detect potential exploitation attempts.

Generated by OpenCVE AI on June 18, 2026 at 23:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Performance Monitor in Oracle PeopleSoft Enterprise PT PeopleTools 8.61/8.62

Thu, 18 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution via Performance Monitor in Oracle PeopleSoft Enterprise PT PeopleTools 8.61/8.62
Weaknesses CWE-284
CWE-287

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution via Performance Monitor in Oracle PeopleSoft Enterprise PT PeopleTools 8.61/8.62
Weaknesses CWE-284
CWE-287
CWE-306
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). Supported versions that are affected are 8.61 and 8.62. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle peoplesoft Enterprise Pt Peopletools
CPEs cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.61:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.62:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle peoplesoft Enterprise Pt Peopletools
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Oracle Peoplesoft Enterprise Pt Peopletools
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-18T03:56:40.317Z

Reserved: 2026-04-01T20:03:40.835Z

Link: CVE-2026-35279

cve-icon Vulnrichment

Updated: 2026-06-17T13:52:10.923Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T23:30:16Z

Weaknesses
  • CWE-306

    Missing Authentication for Critical Function