Vulnerability in Oracle PeopleSoft Enterprise SCM Purchasing
CVE-2026-34295

6.5MEDIUM

Key Information:

Vendor

Oracle

Vendor
CVE Published:
21 April 2026

What is CVE-2026-34295?

A security vulnerability exists in Oracle's PeopleSoft Enterprise SCM Purchasing, specifically within the Purchasing component. This flaw allows a low-privileged attacker with network access via HTTP to exploit the system. Successful exploitation can lead to unauthorized access to sensitive data, potentially compromising the integrity of data across all accessible PeopleSoft Enterprise SCM Purchasing resources. Organizations utilizing affected versions should take immediate action to secure their systems against this vulnerability to prevent potential data breaches.

Affected Version(s)

PeopleSoft Enterprise SCM Purchasing 9.2

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.