Vulnerabilities ›

CVE-2026-34307

Medium

                    Published: Apr 21, 2026                      ·  Modified: Apr 22, 2026                      ·  Source: NVD                

CVSS v3

5.4

🔗 NVD Official

📄 Description (English)

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).

🤖 AI Executive Summary

A medium-severity vulnerability in Oracle PeopleSoft Enterprise PeopleTools (versions 8.61-8.62) Workflow component allows low-privileged attackers with network access to compromise data integrity and confidentiality through HTTP. The vulnerability requires user interaction and has a CVSS score of 5.4, with potential scope changes affecting dependent systems. No patch is currently available, requiring immediate compensating controls for affected Saudi organizations.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 28, 2026 14:17

🇸🇦 Saudi Arabia Impact Assessment

Saudi organizations using PeopleSoft Enterprise PeopleTools for HR, payroll, and financial management are at risk, particularly in banking sector (SAMA-regulated institutions), government agencies (NCA oversight), and large enterprises. The vulnerability's scope change means attacks on PeopleTools could compromise integrated ERP systems managing critical business processes. Saudi financial institutions and government entities relying on PeopleSoft for employee and financial data management face unauthorized data access and modification risks. The requirement for user interaction increases risk in organizations with limited security awareness training.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Healthcare and Medical Services Energy and Utilities Telecommunications Large Enterprises with HR/Payroll Systems

🎯 MITRE ATT&CK Techniques

T1566 - Phishing (User Interaction Requirement) T1199 - Trusted Relationship (Scope Change Impact) T1078 - Valid Accounts (Low-Privileged Access) T1190 - Exploit Public-Facing Application (HTTP Network Access) T1530 - Data from Cloud Storage (Data Access Impact) T1213 - Data from Information Repositories (Unauthorized Read/Write)

⚖️ Saudi Risk Score (AI)

6.8

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify all PeopleSoft Enterprise PeopleTools instances running versions 8.61-8.62 in your environment

2. Restrict network access to PeopleTools Workflow components using firewall rules and network segmentation

3. Implement strict access controls limiting low-privileged user access to Workflow functionality

4. Disable or restrict HTTP access to Workflow components; enforce HTTPS with strong TLS configurations

5. Conduct user awareness training on phishing and social engineering targeting PeopleTools users



Compensating Controls (until patch available):

6. Deploy Web Application Firewall (WAF) rules to monitor and block suspicious Workflow HTTP requests

7. Implement enhanced logging and monitoring of Workflow component access and data modifications

8. Apply principle of least privilege to Workflow user accounts; audit and remove unnecessary permissions

9. Monitor for unauthorized data access patterns using SIEM tools

10. Implement multi-factor authentication (MFA) for all PeopleTools administrative and sensitive user accounts



Detection Rules:

11. Alert on HTTP requests to Workflow endpoints from low-privileged accounts

12. Monitor for unusual data modification patterns in PeopleTools databases

13. Track failed authentication attempts followed by successful access to Workflow components

14. Monitor for privilege escalation attempts within PeopleTools

15. Check for unusual outbound connections from PeopleTools application servers

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع نسخ Oracle PeopleSoft Enterprise PeopleTools التي تعمل بالإصدارات 8.61-8.62 في بيئتك

2. تقييد الوصول إلى مكونات سير العمل باستخدام قواعد جدار الحماية والفصل الشبكي

3. تطبيق ضوابط وصول صارمة تحد من وصول المستخدمين ذوي الامتيازات المنخفضة إلى وظائف سير العمل

4. تعطيل أو تقييد الوصول عبر HTTP إلى مكونات سير العمل؛ فرض HTTPS مع تكوينات TLS قوية

5. إجراء تدريب على الوعي الأمني للمستخدمين بشأن التصيد والهندسة الاجتماعية

الضوابط التعويضية (حتى توفر التصحيح):

6. نشر قواعد جدار تطبيقات الويب (WAF) لمراقبة وحظر طلبات سير العمل المريبة

7. تطبيق تسجيل ومراقبة محسّنة لوصول مكونات سير العمل وتعديلات البيانات

8. تطبيق مبدأ أقل امتياز على حسابات مستخدمي سير العمل؛ تدقيق وإزالة الأذونات غير الضرورية

9. مراقبة أنماط الوصول غير المصرح بها للبيانات باستخدام أدوات SIEM

10. تطبيق المصادقة متعددة العوامل (MFA) لجميع حسابات المسؤولين والمستخدمين الحساسين

قواعد الكشف:

11. تنبيهات على طلبات HTTP إلى نقاط نهاية سير العمل من حسابات ذات امتيازات منخفضة

12. مراقبة أنماط تعديل البيانات غير العادية في قواعد بيانات PeopleTools

13. تتبع محاولات المصادقة الفاشلة متبوعة بالوصول الناجح إلى مكونات سير العمل

14. مراقبة محاولات تصعيد الامتيازات داخل PeopleTools

15. التحقق من الاتصالات الخارجية غير العادية من خوادم تطبيقات PeopleTools

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.5.1.1 - Access Control Policies ECC 2024 A.5.2.1 - User Registration and Access Rights Management ECC 2024 A.5.3.1 - Management of Privileged Access Rights ECC 2024 A.8.2.1 - User Awareness and Training ECC 2024 A.12.4.1 - Event Logging ECC 2024 A.12.4.3 - Administrator and Operator Logs

🔵 SAMA CSF

SAMA CSF ID.AM-2 - Software Inventory SAMA CSF PR.AC-1 - Access Control Policy SAMA CSF PR.AC-4 - Access Rights Management SAMA CSF DE.CM-1 - Network Monitoring SAMA CSF DE.CM-3 - Personnel Activity Monitoring SAMA CSF RS.MI-2 - Incident Response Procedures

🟡 ISO 27001:2022

ISO 27001:2022 A.5.2 - Information Security Policies ISO 27001:2022 A.6.2 - Personnel Security ISO 27001:2022 A.8.1 - User Endpoint Devices ISO 27001:2022 A.8.2 - Privileged Access Rights ISO 27001:2022 A.8.3 - Information Access Restriction ISO 27001:2022 A.12.4 - Logging

🟣 PCI DSS v4.0.1

PCI DSS 2.1 - Configuration Standards PCI DSS 6.2 - Security Patches PCI DSS 7.1 - Access Control Implementation PCI DSS 8.1 - User Identification and Authentication PCI DSS 10.2 - User Activity Logging

🔗 References & Sources 1

🔗

https://www.oracle.com/security-alerts/cpuapr2026.html

secalert_us@oracle.com

📊 CVSS Score

5.4

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionR — Required

ScopeC — Changed

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.4

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-04-21

Source Feed nvd

🇸🇦 Saudi Risk Score

6.8

/ 10.0 — Saudi Risk

Priority: HIGH

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-34307

Introduce Yourself

Sign In Required