Impact
A vulnerability in Oracle PeopleSoft Enterprise CS Student Financials, classified as a privilege escalation (CWE-284), permits an attacker with low privileges and network access through HTTP to create, delete, or alter critical data, thereby compromising confidentiality and integrity. The flaw is exposed via an easily exploitable code path that does not require user interaction, and the CVSS score of 8.1 reflects significant impact across both confidentiality and integrity dimensions.
Affected Systems
The affected product is Oracle PeopleSoft Enterprise CS Student Financials version 9.2.38. Attackers can reach the vulnerable component over standard HTTP traffic, targeting the web interface that manages student financial records.
Risk and Exploitability
The CVSS Base Score of 8.1 indicates a high severity issue, yet the EPSS score of less than 1% suggests that the likelihood of exploitation remains low at present. Because the flaw does not appear in CISA’s KEV catalog, it is not known to be actively used by threat actors, but the combination of local low‑privilege access and remote HTTP exposure makes it a plausible attack vector for attackers looking to gain unauthorized data modification capabilities.
OpenCVE Enrichment