CVE-2025-21561

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise SCM Purchasing version 9.2

Description The issue is related to improper authorization in the Purchasing component of PeopleSoft Enterprise SCM Purchasing, allowing an attacker with reduced privileges and network access via HTTP to compromise the system. Successful attacks can result in unauthorized access to update, insert, or delete some accessible data, as well as unauthorized read access to a subset of accessible data.

Recommendations For version 9.2, consider applying security patches or updates to address the improper authorization issue in the Purchasing component. As a temporary workaround, restrict access to the Purchasing component to minimize the risk of exploitation. Additionally, limit HTTP requests to the affected system until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.