Description
Vulnerability in the PeopleSoft Enterprise CS Student Financials product of Oracle PeopleSoft (component: Other). The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Student Financials. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CS Student Financials accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Student Financials accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
Published: 2026-06-16
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in Oracle PeopleSoft Enterprise CS Student Financials, classified as a privilege escalation (CWE-284), permits an attacker with low privileges and network access through HTTP to create, delete, or alter critical data, thereby compromising confidentiality and integrity. The flaw is exposed via an easily exploitable code path that does not require user interaction, and the CVSS score of 8.1 reflects significant impact across both confidentiality and integrity dimensions.

Affected Systems

The affected product is Oracle PeopleSoft Enterprise CS Student Financials version 9.2.38. Attackers can reach the vulnerable component over standard HTTP traffic, targeting the web interface that manages student financial records.

Risk and Exploitability

The CVSS Base Score of 8.1 indicates a high severity issue, yet the EPSS score of less than 1% suggests that the likelihood of exploitation remains low at present. Because the flaw does not appear in CISA’s KEV catalog, it is not known to be actively used by threat actors, but the combination of local low‑privilege access and remote HTTP exposure makes it a plausible attack vector for attackers looking to gain unauthorized data modification capabilities.

Generated by OpenCVE AI on June 17, 2026 at 22:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle PeopleSoft security patch for version 9.2.38 to address the vulnerability.
  • Restrict HTTP access to the PeopleSoft application by limiting connectivity to trusted IP ranges or internal networks only.
  • Enforce strict user privilege controls, ensuring that accounts accessing the Student Financials module have the minimum permissions required and that account lockout policies are in place.

Generated by OpenCVE AI on June 17, 2026 at 22:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Unrestricted Data Modification via Low‑Privilege Network Access in Oracle PeopleSoft Student Financials
Weaknesses CWE-284
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the PeopleSoft Enterprise CS Student Financials product of Oracle PeopleSoft (component: Other). The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Student Financials. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CS Student Financials accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Student Financials accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
First Time appeared Oracle
Oracle peoplesoft Enterprise Cs Student Financials
CPEs cpe:2.3:a:oracle:peoplesoft_enterprise_cs_student_financials:9.2.38:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle peoplesoft Enterprise Cs Student Financials
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}


Subscriptions

Oracle Peoplesoft Enterprise Cs Student Financials
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-23T03:55:51.745Z

Reserved: 2026-05-18T15:55:10.306Z

Link: CVE-2026-46849

cve-icon Vulnrichment

Updated: 2026-06-17T14:01:29.986Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:45:06Z

Weaknesses