{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34301", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "state": "PUBLISHED", "assignerShortName": "oracle", "dateReserved": "2026-03-26T19:48:45.678Z", "datePublished": "2026-04-21T20:35:31.556Z", "dateUpdated": "2026-04-21T20:35:31.556Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2026-04-21T20:35:31.556Z"}, "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Maintenance Management accessible data."}]}], "affected": [{"vendor": "Oracle Corporation", "product": "PeopleSoft Enterprise FIN Maintenance Management", "versions": [{"version": "9.2", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_maintenance_management:9.2:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en-US", "value": "Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Maintenance Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "name": "Oracle Advisory", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Maintenance Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."}], "id": "CVE-2026-34301", "lastModified": "2026-04-21T21:16:35.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "secalert_us@oracle.com", "type": "Primary"}]}, "published": "2026-04-21T21:16:35.283", "references": [{"source": "secalert_us@oracle.com", "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.2"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "PeopleSoft Enterprise FIN Maintenance Management", "source": "cna", "vendor": "Oracle Corporation"}, "product": "peoplesoft_enterprise_fin_maintenance_management", "vendor": "oracle"}], "analysis": {"en": {"generated_at": "2026-04-22T08:23:32.157254+00:00", "value": {"mitigation_remediation": ["Apply Oracle PeopleSoft version\u00a09.2 patch released in April\u00a02026 (see Oracle CPU April\u00a02026 advisory).", "Limit HTTP access to the Work Order Management interface by firewall or VPN to trusted IP ranges.", "Enforce least\u2011privilege role\u2011based access control to ensure low\u2011privileged accounts cannot view confidential data."], "summary": {"action": "Patch", "impact": "Confidentiality breach due to unauthorized data exposure"}, "threat_synthesis": {"affected_systems": "Affected is Oracle Corporation\u2019s PeopleSoft Enterprise FIN Maintenance Management product, version\u00a09.2. No other versions or variants are noted.", "description_and_impact": "The vulnerability resides in the Work Order Management component of Oracle PeopleSoft Enterprise FIN Maintenance Management. It permits a low\u2011privileged attacker with network connectivity over HTTP to compromise the system and gain unauthorized access to all business data. The attack does not affect integrity or availability, but it severely impacts confidentiality by allowing full data traversal.", "risk_and_exploitability": "The CVSS\u00a03.1 base score of 6.5 indicates a medium severity. Although the EPSS score is not available and the flaw is not listed in the CISA KEV catalog, the vector AV:N/AC:L/PR:L indicates that a network attacker can easily reach the vulnerable HTTP interface. No public exploit information is provided, but the low privilege requirement suggests that this flaw could be abused by insiders or compromised credentials."}}}}, "created": "2026-04-22T02:15:05.238283+00:00", "title": "PeopleSoft FIN Maintenance Management HTTP Vulnerability Exposes Confidential Data", "updated": "2026-04-22T08:30:12.489471+00:00", "vendors": ["oracle", "oracle$PRODUCT$peoplesoft_enterprise_fin_maintenance_management"], "weaknesses": ["CWE-264", "CWE-285"]}