Peoplesoft Enterprise Cs Campus Community
Monthly
Unauthorized data access and manipulation in Oracle PeopleSoft Enterprise CS Campus Community 9.2.38 allows a high-privileged attacker to read, create, modify, or delete all data within the Campus Community system via HTTPS. The flaw resides in the Integration and Interfaces component, where insufficient authorization controls permit elevated but unintended operations beyond a user's legitimate role scope. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis; however, the complete Confidentiality and Integrity impact on student and institutional data makes patching a priority for higher education organizations.
Remote takeover of Oracle PeopleSoft Enterprise CS Campus Community 9.2.38 is possible via the Security component, where an unauthenticated attacker reaching the application over HTTP can fully compromise confidentiality, integrity, and availability. Oracle scores this 8.1 with high attack complexity, indicating non-trivial preconditions rather than a trivial mass-exploit primitive. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Notification Framework). Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity.
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Self-Service). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unauthorized data access and manipulation in Oracle PeopleSoft Enterprise CS Campus Community 9.2.38 allows a high-privileged attacker to read, create, modify, or delete all data within the Campus Community system via HTTPS. The flaw resides in the Integration and Interfaces component, where insufficient authorization controls permit elevated but unintended operations beyond a user's legitimate role scope. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis; however, the complete Confidentiality and Integrity impact on student and institutional data makes patching a priority for higher education organizations.
Remote takeover of Oracle PeopleSoft Enterprise CS Campus Community 9.2.38 is possible via the Security component, where an unauthenticated attacker reaching the application over HTTP can fully compromise confidentiality, integrity, and availability. Oracle scores this 8.1 with high attack complexity, indicating non-trivial preconditions rather than a trivial mass-exploit primitive. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Notification Framework). Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity.
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Self-Service). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.