CVE Catalog

CVE-2026-35288

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle affects the Deployment Package component. Versions 8.61 and 8.62 are susceptible to easily exploitable attacks that can lead to system takeover by a high-privileged attacker.

Risk Assessment

Attacks may significantly impact additional products, increasing risk for the organization. Taking over PeopleSoft Enterprise PT PeopleTools can lead to serious breaches of confidentiality, integrity, and availability of data.

Recommendation

It is recommended to update to the latest version of PeopleSoft Enterprise PT PeopleTools and implement additional security measures to restrict access to the infrastructure where the system operates.

Original NVD description (English source)

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Deployment Package). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS