Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Network-reachable HTTP endpoint exploitable without credentials or user interaction (AV:N/AC:L/PR:N/UI:N); full read of PeopleTools data (C:H), partial write (I:L), no availability impact.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Deployment Package). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).
AnalysisAI
Unauthorized data access and modification in Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 allows unauthenticated remote attackers to compromise the Deployment Package component over HTTP. The flaw yields complete read access to PeopleTools-accessible data and partial write (insert/update/delete) capability without any user interaction or credentials. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Target must be running Oracle PeopleSoft Enterprise PT PeopleTools 8.61 or 8.62 with the Deployment Package component reachable over HTTP from the attacker's network position; no credentials, no user interaction, and no special client configuration are required (AV:N/AC:L/PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N scores 8.2 (High) and represents a genuinely easy-to-reach issue: network-reachable HTTP, no authentication, no user interaction, low attack complexity. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker scans the internet for PeopleSoft PIA front-ends, identifies a PeopleTools 8.61/8.62 instance, and sends crafted HTTP requests directly to the Deployment Package component without authenticating. They exfiltrate sensitive PeopleSoft data (HR records, financial data, configuration) and selectively insert, update, or delete a subset of records, potentially staging follow-on fraud or persistence. … |
| Remediation | Patch available per vendor advisory: apply the fixes listed in Oracle's June 2026 Critical Patch Update for PeopleSoft (https://www.oracle.com/security-alerts/cspujun2026.html) to PeopleTools 8.61 and 8.62 environments; Oracle has not published a separate hotfix version in the supplied data, so the CPU bundle is the authoritative remediation. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: isolate or restrict HTTP access to PeopleTools instances running 8.61/8.62 via network controls; block public HTTP exposure immediately. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Remote takeover of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 is possible via the Performance Monitor com
Unauthenticated remote compromise of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 via the WebLogic componen
Full compromise of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 is possible via the Deployment Package comp
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Health Center). Rated
Privilege escalation and full takeover in Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 (Deployment Package
Remote takeover of Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 is possible via the Application Se
Remote takeover of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 is possible via the Deployment Package comp
Remote takeover of Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 is possible via the Performance Mo
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop w
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for a
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Notification Configur
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37404