PT-2026-3718 · Oracle · Peoplesoft Enterprise Scm Purchasing
Published
2026-01-20
·
Updated
2026-01-21
·
CVE-2026-21971
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle PeopleSoft Enterprise SCM Purchasing version 9.2
Description
An easily exploitable issue exists in the Purchasing component of Oracle PeopleSoft Enterprise SCM Purchasing. A low-privileged attacker with network access via HTTP can compromise the system. Successful exploitation may lead to unauthorized modification, insertion, or deletion of data, as well as unauthorized read access to data within PeopleSoft Enterprise SCM Purchasing.
Recommendations
Update PeopleSoft Enterprise SCM Purchasing version 9.2.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Peoplesoft Enterprise Scm Purchasing