📄 الوصف (الإنجليزية)
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
🤖 ملخص AI
A critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools (versions 8.61-8.62) allows low-privileged attackers with network access to compromise data integrity and confidentiality through HTTP. The vulnerability enables unauthorized creation, deletion, modification, and access to sensitive PeopleSoft data without requiring user interaction. With a CVSS score of 8.1 and no patch currently available, this poses an immediate risk to Saudi organizations relying on PeopleSoft for HR, financial, and operational management.
📄 الوصف (العربية)
🤖 التحليل الذكي آخر تحليل: Apr 26, 2026 11:50
🇸🇦 التأثير على المملكة العربية السعودية
High impact on Saudi banking sector (SAMA-regulated institutions using PeopleSoft for financial operations and compliance reporting), government entities (Ministry of Finance, civil service HR systems), healthcare organizations (MOH, private hospitals managing payroll and patient data), energy sector (ARAMCO and subsidiaries for HR and operational management), and telecommunications (STC, Mobily for employee and customer data management). The vulnerability's ability to modify critical data poses severe risks to financial integrity, regulatory compliance, and operational continuity in these sectors.
🏢 القطاعات السعودية المتأثرة
Banking and Financial Services
Government and Public Administration
Healthcare
Energy and Utilities
Telecommunications
Large Enterprises with HR/Payroll Systems
🎯 تقنيات MITRE ATT&CK
⚖️ درجة المخاطر السعودية (AI)
8.7
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all PeopleSoft Enterprise PeopleTools instances running versions 8.61-8.62 across your infrastructure
2. Restrict network access to PeopleSoft systems to authorized users only; implement IP whitelisting at firewall level
3. Enforce multi-factor authentication (MFA) for all PeopleSoft access, particularly for administrative accounts
4. Enable comprehensive audit logging for all PeopleSoft data access and modifications
5. Monitor for suspicious HTTP requests to PeopleSoft endpoints, particularly those attempting data manipulation
COMPENSATING CONTROLS (until patch available):
6. Deploy Web Application Firewall (WAF) rules to detect and block exploitation attempts targeting PeopleSoft
7. Implement database activity monitoring (DAM) to detect unauthorized data modifications
8. Segment PeopleSoft systems from general network access using network isolation
9. Conduct daily integrity checks on critical PeopleSoft data tables
10. Maintain offline backups of critical PeopleSoft databases for recovery purposes
PATCHING STRATEGY:
11. Subscribe to Oracle security advisories for patch availability
12. Prepare upgrade path to versions beyond 8.62 once available
13. Test patches in isolated environment before production deployment
DETECTION RULES:
- Monitor for HTTP requests with unusual parameters to PeopleSoft endpoints
- Alert on data modification operations from low-privileged accounts
- Track failed authentication attempts followed by successful access
- Monitor for bulk data export operations outside normal business hours
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع نسخ Oracle PeopleSoft Enterprise PeopleTools التي تعمل بالإصدارات 8.61-8.62 عبر البنية التحتية
2. تقييد الوصول إلى أنظمة PeopleSoft للمستخدمين المصرح لهم فقط؛ تطبيق قائمة بيضاء للعناوين على مستوى جدار الحماية
3. فرض المصادقة متعددة العوامل (MFA) لجميع عمليات الوصول إلى PeopleSoft، خاصة للحسابات الإدارية
4. تفعيل تسجيل التدقيق الشامل لجميع عمليات الوصول والتعديل على بيانات PeopleSoft
5. مراقبة طلبات HTTP المريبة إلى نقاط نهاية PeopleSoft، خاصة تلك التي تحاول تعديل البيانات
الضوابط التعويضية (حتى توفر التصحيح):
6. نشر قواعد جدار تطبيقات الويب (WAF) للكشف عن محاولات الاستغلال وحجبها
7. تطبيق مراقبة نشاط قاعدة البيانات (DAM) للكشف عن تعديلات البيانات غير المصرح بها
8. عزل أنظمة PeopleSoft عن الوصول العام للشبكة باستخدام العزل الشبكي
9. إجراء فحوصات سلامة يومية على جداول بيانات PeopleSoft الحرجة
10. الحفاظ على نسخ احتياطية غير متصلة من قواعد بيانات PeopleSoft الحرجة لأغراض الاسترجاع
استراتيجية التصحيح:
11. الاشتراك في تنبيهات أمان Oracle لتوفر التصحيحات
12. تحضير مسار الترقية إلى إصدارات تتجاوز 8.62 عند توفرها
13. اختبار التصحيحات في بيئة معزولة قبل النشر في الإنتاج
قواعد الكشف:
- مراقبة طلبات HTTP بمعاملات غير عادية إلى نقاط نهاية PeopleSoft
- تنبيهات على عمليات تعديل البيانات من حسابات ذات امتيازات منخفضة
- تتبع محاولات المصادقة الفاشلة متبوعة بالوصول الناجح
- مراقبة عمليات تصدير البيانات الضخمة خارج ساعات العمل العادية
📋 خريطة الامتثال التنظيمي
🟢 NCA ECC 2024
5.1 - Access Control and Authentication
5.2 - User Access Management
5.3 - Privileged Access Management
6.1 - Data Protection and Encryption
6.2 - Data Integrity
7.1 - Security Monitoring and Logging
7.2 - Incident Detection and Response
🔵 SAMA CSF
Governance & Risk Management - Risk Assessment and Management
Information Security - Access Control
Information Security - Data Protection
Operational Resilience - Monitoring and Alerting
Incident Management - Detection and Response
🟡 ISO 27001:2022
A.5.1 - Policies for information security
A.5.2 - Information security roles and responsibilities
A.6.1 - Screening
A.6.2 - Terms and conditions of employment
A.8.1 - User endpoint devices
A.8.2 - Privileged access rights
A.8.3 - Information access restriction
A.9.1 - Access control
A.9.2 - User registration and de-registration
A.9.4 - Access rights review
A.10.1 - Cryptography
A.12.4 - Logging
A.12.6 - Management of technical vulnerabilities
🟣 PCI DSS v4.0.1
Requirement 1 - Firewall Configuration
Requirement 2 - Default Passwords
Requirement 6 - Secure Development and Vulnerability Management
Requirement 7 - Restrict Access to Data
Requirement 8 - User Identification and Authentication
Requirement 10 - Tracking and Monitoring Access
🔗 المراجع والمصادر 1