CVE-2026-34277
Unauthorized Data Access and Partial DoS in PeopleSoft Fluid Core
Publication date: 2026-04-21
Last updated on: 2026-04-23
Assigner: Oracle
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | peoplesoft_enterprise_peopletools | 8.61 |
| oracle | peoplesoft_enterprise_peopletools | 8.62 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the PeopleSoft Enterprise PeopleTools product, specifically in the Fluid Core component, affecting versions 8.61 to 8.62.
It is easily exploitable by a high-privileged attacker who has network access via HTTP.
The attacker can compromise PeopleSoft Enterprise PeopleTools, potentially impacting additional related products.
Successful exploitation can lead to unauthorized update, insert, or delete operations on accessible data, unauthorized read access to some data, and the ability to cause a partial denial of service (partial DoS) on the PeopleTools system.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker with high privileges and network access to:
- Modify (update, insert, or delete) accessible data within PeopleSoft Enterprise PeopleTools without authorization.
- Read a subset of accessible data without authorization.
- Cause a partial denial of service (partial DoS) affecting the availability of PeopleSoft Enterprise PeopleTools.
These impacts affect the confidentiality, integrity, and availability of the system, potentially disrupting business operations and compromising sensitive information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows a high-privileged attacker with network access to compromise PeopleSoft Enterprise PeopleTools, resulting in unauthorized read, update, insert, or delete access to accessible data, as well as partial denial of service.
Such unauthorized access and potential data manipulation could lead to violations of data protection regulations and standards such as GDPR and HIPAA, which require strict controls over data confidentiality, integrity, and availability.
Therefore, exploitation of this vulnerability may negatively impact compliance with these common standards and regulations by exposing sensitive data or disrupting service availability.