Impact
A flaw in the Deployment Package component of Oracle PeopleSoft Enterprise PT PeopleTools permits an unauthenticated attacker who can reach the system over HTTPS to bypass authentication controls and gain full control over the application. The vulnerability poses a high‑impact risk, compromising confidentiality, integrity, and availability of the PeopleSoft environment. The weakness corresponds to CWE‑306, indicating inadequate security control.
Affected Systems
Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 are affected. No other versions or variants are listed as vulnerable.
Risk and Exploitability
The CVSS 3.1 base score of 8.1 indicates high severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. Attackers would need to establish an HTTPS session against the deployment package endpoint; the description indicates that exploitation is difficult, implying that specific inputs or conditions are required, though the exact vector is not detailed.
OpenCVE Enrichment