CVE-2026-35288
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle affects the Deployment Package component. Versions 8.61 and 8.62 are susceptible to easily exploitable attacks that can lead to system takeover by a high-privileged attacker.
Risk Assessment
Attacks may significantly impact additional products, increasing risk for the organization. Taking over PeopleSoft Enterprise PT PeopleTools can lead to serious breaches of confidentiality, integrity, and availability of data.
Recommendation
It is recommended to update to the latest version of PeopleSoft Enterprise PT PeopleTools and implement additional security measures to restrict access to the infrastructure where the system operates.
Original NVD description (English source)
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Deployment Package). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

