Skip to main content

Peoplesoft Enterprise Pt Peopletools

14 CVEs product

Monthly

CVE-2026-35289 HIGH This Week

Remote takeover of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 is possible via the Deployment Package component, allowing an unauthenticated network attacker to fully compromise confidentiality, integrity, and availability of the application. Oracle rates this as difficult to exploit (AC:H) but assigns a CVSS 3.1 score of 8.1 due to the complete takeover impact. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV.

Oracle Peoplesoft Enterprise Pt Peopletools Authentication Bypass
NVD VulDB
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-35288 HIGH This Week

Privilege escalation and full takeover in Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 (Deployment Package component) allows a high-privileged attacker with logon access to the underlying infrastructure to fully compromise PeopleTools with a scope change that impacts additional products. Oracle rates this CVSS 8.2 and confirms it is easily exploitable once the attacker has the required local privileges. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Oracle Peoplesoft Enterprise Pt Peopletools Privilege Escalation
NVD VulDB
CVSS 3.1
8.2
EPSS
0.2%
CVE-2026-35279 HIGH This Week

Remote takeover of Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 is possible via the Performance Monitor component, where an unauthenticated network attacker can compromise the application over HTTP. Although Oracle classifies the issue as difficult to exploit (AC:H), successful attacks yield full confidentiality, integrity, and availability impact with a CVSS 3.1 base score of 8.1. There is no public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Oracle Peoplesoft Enterprise Pt Peopletools Authentication Bypass
NVD VulDB
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-35278 CRITICAL Act Now

Remote takeover of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 is possible via the Performance Monitor component, allowing unauthenticated network attackers to fully compromise confidentiality, integrity, and availability of the application. Oracle rates the issue 9.8 critical and describes it as easily exploitable over HTTP, though no public exploit identified at time of analysis and the flaw is not currently listed in CISA KEV.

Oracle Peoplesoft Enterprise Pt Peopletools Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-35276 HIGH This Week

Remote takeover of Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 is possible via the Application Server component, where an unauthenticated attacker with HTTP network access can compromise confidentiality, integrity, and availability. Oracle rates the flaw CVSS 8.1 with high attack complexity, and no public exploit identified at time of analysis. The vulnerability is addressed in Oracle's June 2026 Critical Patch Update (CPU).

Oracle Peoplesoft Enterprise Pt Peopletools Authentication Bypass
NVD VulDB
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-35274 HIGH This Week

Unauthorized data access and modification in Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 allows unauthenticated remote attackers to compromise the Deployment Package component over HTTP. The flaw yields complete read access to PeopleTools-accessible data and partial write (insert/update/delete) capability without any user interaction or credentials. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the low attack complexity and network reachability make it a high-priority patching target.

Authentication Bypass Oracle Peoplesoft Enterprise Pt Peopletools
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2026-35272 HIGH This Week

Full compromise of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 is possible via the Deployment Package component, where an unauthenticated attacker with logon access to the underlying host can take over the PeopleTools instance. Oracle rates this 8.4 CVSS with full confidentiality, integrity and availability impact, and no public exploit identified at time of analysis. The local attack vector keeps remote internet-based mass exploitation unlikely, but any user who can log on to the PeopleTools server should be treated as a critical risk.

Oracle Peoplesoft Enterprise Pt Peopletools Privilege Escalation
NVD VulDB
CVSS 3.1
8.4
EPSS
0.2%
CVE-2026-35271 HIGH This Week

Unauthenticated remote compromise of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 via the WebLogic component allows attackers with HTTP access to read and modify critical data across PeopleTools and additional products in scope. Oracle rates the issue 8.7 CVSS 3.1 with high attack complexity but no privileges or user interaction, and the scope-change flag means impact extends beyond PeopleTools itself. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Authentication Bypass Oracle Peoplesoft Enterprise Pt Peopletools
NVD
CVSS 3.1
8.7
EPSS
0.3%
CVE-2021-2408 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Notification Configuration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Pt Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-2218 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Health Center). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Peoplesoft Enterprise Pt Peopletools
NVD
CVSS 3.1
8.3
EPSS
1.3%
CVE-2020-13956 Maven MEDIUM PATCH This Month

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Httpclient Quarkus Data Integrator +14
NVD
CVSS 3.1
5.3
EPSS
8.7%
CVE-2019-12402 Maven HIGH PATCH This Week

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Commons Compress Fedora Banking Payments +16
NVD
CVSS 3.1
7.5
EPSS
16.2%
CVE-2019-10086 Maven HIGH PATCH This Week

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Apache Deserialization Commons Beanutils Nifi +58
NVD
CVSS 3.1
7.3
EPSS
28.8%
CVE-2018-2793 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Pt Peopletools
NVD
CVSS 3.0
6.2
EPSS
0.5%
EPSS 0% CVSS 8.1
HIGH This Week

Remote takeover of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 is possible via the Deployment Package component, allowing an unauthenticated network attacker to fully compromise confidentiality, integrity, and availability of the application. Oracle rates this as difficult to exploit (AC:H) but assigns a CVSS 3.1 score of 8.1 due to the complete takeover impact. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV.

Oracle Peoplesoft Enterprise Pt Peopletools Authentication Bypass
NVD VulDB
EPSS 0% CVSS 8.2
HIGH This Week

Privilege escalation and full takeover in Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 (Deployment Package component) allows a high-privileged attacker with logon access to the underlying infrastructure to fully compromise PeopleTools with a scope change that impacts additional products. Oracle rates this CVSS 8.2 and confirms it is easily exploitable once the attacker has the required local privileges. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Oracle Peoplesoft Enterprise Pt Peopletools Privilege Escalation
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Remote takeover of Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 is possible via the Performance Monitor component, where an unauthenticated network attacker can compromise the application over HTTP. Although Oracle classifies the issue as difficult to exploit (AC:H), successful attacks yield full confidentiality, integrity, and availability impact with a CVSS 3.1 base score of 8.1. There is no public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Oracle Peoplesoft Enterprise Pt Peopletools Authentication Bypass
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote takeover of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 is possible via the Performance Monitor component, allowing unauthenticated network attackers to fully compromise confidentiality, integrity, and availability of the application. Oracle rates the issue 9.8 critical and describes it as easily exploitable over HTTP, though no public exploit identified at time of analysis and the flaw is not currently listed in CISA KEV.

Oracle Peoplesoft Enterprise Pt Peopletools Authentication Bypass
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Remote takeover of Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 is possible via the Application Server component, where an unauthenticated attacker with HTTP network access can compromise confidentiality, integrity, and availability. Oracle rates the flaw CVSS 8.1 with high attack complexity, and no public exploit identified at time of analysis. The vulnerability is addressed in Oracle's June 2026 Critical Patch Update (CPU).

Oracle Peoplesoft Enterprise Pt Peopletools Authentication Bypass
NVD VulDB
EPSS 0% CVSS 8.2
HIGH This Week

Unauthorized data access and modification in Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 allows unauthenticated remote attackers to compromise the Deployment Package component over HTTP. The flaw yields complete read access to PeopleTools-accessible data and partial write (insert/update/delete) capability without any user interaction or credentials. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the low attack complexity and network reachability make it a high-priority patching target.

Authentication Bypass Oracle Peoplesoft Enterprise Pt Peopletools
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Full compromise of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 is possible via the Deployment Package component, where an unauthenticated attacker with logon access to the underlying host can take over the PeopleTools instance. Oracle rates this 8.4 CVSS with full confidentiality, integrity and availability impact, and no public exploit identified at time of analysis. The local attack vector keeps remote internet-based mass exploitation unlikely, but any user who can log on to the PeopleTools server should be treated as a critical risk.

Oracle Peoplesoft Enterprise Pt Peopletools Privilege Escalation
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Unauthenticated remote compromise of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 via the WebLogic component allows attackers with HTTP access to read and modify critical data across PeopleTools and additional products in scope. Oracle rates the issue 8.7 CVSS 3.1 with high attack complexity but no privileges or user interaction, and the scope-change flag means impact extends beyond PeopleTools itself. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Authentication Bypass Oracle Peoplesoft Enterprise Pt Peopletools
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Notification Configuration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Pt Peopletools
NVD
EPSS 1% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Health Center). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Peoplesoft Enterprise Pt Peopletools
NVD
EPSS 9% CVSS 5.3
MEDIUM PATCH This Month

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Httpclient +16
NVD
EPSS 16% CVSS 7.5
HIGH PATCH This Week

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Commons Compress +18
NVD
EPSS 29% CVSS 7.3
HIGH PATCH This Week

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Apache Deserialization +60
NVD
EPSS 1% CVSS 6.2
MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Pt Peopletools
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy