CVE-2026-34269
Unauthorized Data Modification via Portal Vulnerability in PeopleSoft Tools
Publication date: 2026-04-21
Last updated on: 2026-04-23
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | peoplesoft_enterprise_peopletools | 8.61 |
| oracle | peoplesoft_enterprise_peopletools | 8.62 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft, specifically in the Portal component for versions 8.61 to 8.62.
It is an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise the system.
Successful exploitation requires human interaction from someone other than the attacker.
The vulnerability can lead to unauthorized update, insert, or delete access to some accessible data, as well as unauthorized read access to a subset of accessible data within PeopleSoft Enterprise PeopleTools.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to gain unauthorized access to data within PeopleSoft Enterprise PeopleTools.
- Unauthorized update, insert, or delete operations on accessible data.
- Unauthorized read access to some data.
Because the scope of the attack can extend beyond PeopleSoft Enterprise PeopleTools, it may significantly impact additional products.