CVE Catalog

CVE-2026-35272

HighCVSS 8.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle, affecting the Deployment Package component. Versions 8.61 and 8.62 are susceptible to easily exploitable attacks that can lead to system takeover by an unauthorized user.

Risk Assessment

An attacker with access to the infrastructure where PeopleSoft runs can easily take control of the system, potentially leading to severe breaches of confidentiality, integrity, and availability of data.

Recommendation

It is recommended to immediately update the system to the latest version to minimize the risk associated with this vulnerability.

Original NVD description (English source)

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Deployment Package). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS