Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Network HTTPS access required with high-privilege credentials; complete data confidentiality and integrity impact per Oracle; no availability impact stated.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CS Campus Community accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).
AnalysisAI
Unauthorized data access and manipulation in Oracle PeopleSoft Enterprise CS Campus Community 9.2.38 allows a high-privileged attacker to read, create, modify, or delete all data within the Campus Community system via HTTPS. The flaw resides in the Integration and Interfaces component, where insufficient authorization controls permit elevated but unintended operations beyond a user's legitimate role scope. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to possess high-privileged credentials (PR:H per the CVSS vector) with network access to the PeopleSoft Enterprise CS Campus Community 9.2.38 system over HTTPS. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 6.5 with vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N presents a nuanced risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a compromised or malicious high-privileged PeopleSoft administrator account sends crafted HTTPS requests to the Integration and Interfaces component of Campus Community 9.2.38, exploiting insufficient authorization controls to access data or perform operations beyond their legitimate role permissions. The attacker exfiltrates sensitive student records - including financial, enrollment, or personal data - or modifies critical institutional data without detection if audit logging on the integration layer is insufficient. … |
| Remediation | Apply the patch provided in Oracle's Critical Patch Update for June 2026, available at https://www.oracle.com/security-alerts/cspujun2026.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Remote takeover of Oracle PeopleSoft Enterprise CS Campus Community 9.2.38 is possible via the Security component, where
Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Fr
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Notification Fra
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Self-Service). R
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37288