CVE-2026-34295
Unauthorized Access via Network in Oracle PeopleSoft SCM Purchasing
Publication date: 2026-04-21
Last updated on: 2026-04-23
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | peoplesoft_enterprise_scm_purchasing | 9.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows unauthorized access to critical data or complete access to all data accessible via PeopleSoft Enterprise SCM Purchasing. Such unauthorized access to sensitive or critical data can potentially lead to non-compliance with data protection regulations and standards such as GDPR and HIPAA, which require strict controls over access to personal and sensitive information.
However, the provided information does not explicitly mention the impact on compliance with specific standards or regulations.
Can you explain this vulnerability to me?
This vulnerability exists in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft, specifically in version 9.2. It allows a low privileged attacker with network access via HTTP to exploit the system easily. The attacker can compromise the PeopleSoft Enterprise SCM Purchasing component, potentially gaining unauthorized access to critical or all accessible data within the system.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker could gain unauthorized access to critical data or even complete access to all data accessible through PeopleSoft Enterprise SCM Purchasing. This could lead to data breaches, exposure of sensitive information, and potential misuse of the compromised data.