Skip to main content

PeopleSoft Campus Community CVE-2026-46979

| EUVDEUVD-2026-37288 MEDIUM
Improper Access Control (CWE-284)
2026-06-16 oracle
6.5
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
vuln.today AI
6.5 MEDIUM

Network HTTPS access required with high-privilege credentials; complete data confidentiality and integrity impact per Oracle; no availability impact stated.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 00:20 vuln.today

DescriptionCVE.org

Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CS Campus Community accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).

AnalysisAI

Unauthorized data access and manipulation in Oracle PeopleSoft Enterprise CS Campus Community 9.2.38 allows a high-privileged attacker to read, create, modify, or delete all data within the Campus Community system via HTTPS. The flaw resides in the Integration and Interfaces component, where insufficient authorization controls permit elevated but unintended operations beyond a user's legitimate role scope. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain high-privileged PeopleSoft account credentials
Delivery
Establish HTTPS connection to Campus Community Integration and Interfaces
Exploit
Send crafted integration or API request
Execution
Bypass authorization controls in integration layer
Impact
Read or modify all accessible Campus Community data

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to possess high-privileged credentials (PR:H per the CVSS vector) with network access to the PeopleSoft Enterprise CS Campus Community 9.2.38 system over HTTPS. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 6.5 with vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N presents a nuanced risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a compromised or malicious high-privileged PeopleSoft administrator account sends crafted HTTPS requests to the Integration and Interfaces component of Campus Community 9.2.38, exploiting insufficient authorization controls to access data or perform operations beyond their legitimate role permissions. The attacker exfiltrates sensitive student records - including financial, enrollment, or personal data - or modifies critical institutional data without detection if audit logging on the integration layer is insufficient. …
Remediation Apply the patch provided in Oracle's Critical Patch Update for June 2026, available at https://www.oracle.com/security-alerts/cspujun2026.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-46979 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy