Description
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Security). The supported version that is affected is 9.2.38. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise CS Campus Community. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Security component of Oracle PeopleSoft Enterprise CS Campus Community and allows an unauthenticated attacker with network access via HTTP to gain complete control of the application. The flaw grants full confidentiality, integrity and availability compromise, resulting in a total takeover of the PeopleSoft instance. The weakness stems from improper access control, permitting remote execution without authentication.

Affected Systems

Oracle Corporation's PeopleSoft Enterprise CS Campus Community version 9.2.38 is affected. No other versions or vendors are listed as impacted.

Risk and Exploitability

The CVSS score of 8.1 indicates a high-severity vulnerability with potential for loss of all data and service availability. The vector rates attack complexity as high (AC:H), consistent with the description's "difficult to exploit" wording. The EPSS score of < 1% indicates that exploitation is currently considered unlikely, and the absence of a KEV listing does not reduce the inherent risk. The likely attack vector is an unauthenticated HTTP request sent to the vulnerable endpoint, exploiting the improper access control to assume full application control.

Generated by OpenCVE AI on June 17, 2026 at 20:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor-issued patch for PeopleSoft Enterprise CS Campus Community 9.2.38 immediately.
  • If a patch is not yet available, restrict HTTP access to the application by implementing firewall rules or VPN-only connectivity to deny external unauthenticated traffic.
  • Configure application-level authentication and role-based access control to prevent unauthenticated users from accessing privileged endpoints, thereby mitigating the improper access control flaw.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Security). The supported version that is affected is 9.2.38. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise CS Campus Community. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). |
| First Time appeared | | Oracle; Oracle peoplesoft Enterprise Cs Campus Community |
| CPEs | | cpe:2.3:a:oracle:peoplesoft_enterprise_cs_campus_community:9.2.38:*:*:*:*:*:*:* |
| Vendors & Products | | Oracle; Oracle peoplesoft Enterprise Cs Campus Community |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:10:33.751Z

Reserved: 2026-05-18T15:55:10.306Z

Link: CVE-2026-46851

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T23:15:16Z

Weaknesses

No weakness.