PT-2026-3701 · Oracle · Peoplesoft Enterprise Peopletools+1
Published
2026-01-20
·
Updated
2026-01-21
·
CVE-2026-21951
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle PeopleSoft versions 8.60 through 8.62
Description
A flaw exists in the Integration Broker component of Oracle PeopleSoft Enterprise PeopleTools. An unauthenticated attacker with network access via HTTP can compromise the system. Exploitation requires interaction from a user other than the attacker. Successful attacks may lead to unauthorized data modification, insertion, or deletion, as well as unauthorized data access.
Recommendations
Update PeopleSoft Enterprise PeopleTools version 8.60 to a later version.
Update PeopleSoft Enterprise PeopleTools version 8.61 to a later version.
Update PeopleSoft Enterprise PeopleTools version 8.62 to a later version.
Fix
XSS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Peoplesoft
Peoplesoft Enterprise Peopletools