PT-2026-3688 · Oracle · Peoplesoft Enterprise Peopletools+1
Published
2026-01-20
·
Updated
2026-01-21
·
CVE-2026-21938
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle PeopleSoft versions 8.60 through 8.62
Description
A flaw exists within the Portal component of Oracle PeopleSoft Enterprise PeopleTools that allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful exploitation requires interaction from a user other than the attacker and may impact other products. Exploitation can lead to unauthorized data modification, insertion, or deletion, as well as unauthorized read access to some data.
Recommendations
Update PeopleSoft Enterprise PeopleTools version 8.60 to a later version.
Update PeopleSoft Enterprise PeopleTools version 8.61 to a later version.
Update PeopleSoft Enterprise PeopleTools version 8.62 to a later version.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Peoplesoft
Peoplesoft Enterprise Peopletools