CVE-2026-34299: Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Maintenance Management accessible data. in Oracle Corporation PeopleSoft Enterprise FIN Maintenance Management
CVE-2026-34299 is a vulnerability in Oracle PeopleSoft Enterprise FIN Maintenance Management version 9. 2, specifically in the Work Order Management component. It allows a low privileged attacker with network access via HTTP to gain unauthorized access to critical or all accessible data within the affected product. The vulnerability has a CVSS 3. 1 base score of 6. 5, indicating a medium severity primarily due to confidentiality impact. No official patch or remediation level is explicitly stated in the vendor advisory, and no known exploits in the wild have been reported. Oracle's April 2026 Critical Patch Update advisory does not specifically mention a patch for this product version, and customers are generally advised to apply available patches promptly. There is no indication that this is a cloud service, so remediation depends on customer action. No affected countries are specified.
AI Analysis
Technical Summary
CVE-2026-34299 affects Oracle PeopleSoft Enterprise FIN Maintenance Management 9.2, allowing an attacker with low privileges and network access over HTTP to compromise the system and gain unauthorized access to critical or all accessible data. The vulnerability relates to improper access control (CWE-284). The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) indicates network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, high confidentiality impact, and no integrity or availability impact. The vendor advisory from Oracle's April 2026 Critical Patch Update does not explicitly confirm a patch for this vulnerability, and no remediation level is provided. Customers are advised to monitor Oracle advisories and apply patches as they become available.
Potential Impact
Successful exploitation results in unauthorized access to critical or all accessible data within PeopleSoft Enterprise FIN Maintenance Management 9.2. The impact is limited to confidentiality with no reported integrity or availability effects. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the Oracle advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for current remediation guidance. Oracle recommends applying Critical Patch Updates promptly when available. Since this is not a cloud service, customers must apply patches themselves once released. No vendor advisory states that no action is required or that the issue is already mitigated.
CVE-2026-34299: Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Maintenance Management accessible data. in Oracle Corporation PeopleSoft Enterprise FIN Maintenance Management
Description
CVE-2026-34299 is a vulnerability in Oracle PeopleSoft Enterprise FIN Maintenance Management version 9. 2, specifically in the Work Order Management component. It allows a low privileged attacker with network access via HTTP to gain unauthorized access to critical or all accessible data within the affected product. The vulnerability has a CVSS 3. 1 base score of 6. 5, indicating a medium severity primarily due to confidentiality impact. No official patch or remediation level is explicitly stated in the vendor advisory, and no known exploits in the wild have been reported. Oracle's April 2026 Critical Patch Update advisory does not specifically mention a patch for this product version, and customers are generally advised to apply available patches promptly. There is no indication that this is a cloud service, so remediation depends on customer action. No affected countries are specified.
CVSS v3.1
Score 6.5medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-34299 affects Oracle PeopleSoft Enterprise FIN Maintenance Management 9.2, allowing an attacker with low privileges and network access over HTTP to compromise the system and gain unauthorized access to critical or all accessible data. The vulnerability relates to improper access control (CWE-284). The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) indicates network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, high confidentiality impact, and no integrity or availability impact. The vendor advisory from Oracle's April 2026 Critical Patch Update does not explicitly confirm a patch for this vulnerability, and no remediation level is provided. Customers are advised to monitor Oracle advisories and apply patches as they become available.
Potential Impact
Successful exploitation results in unauthorized access to critical or all accessible data within PeopleSoft Enterprise FIN Maintenance Management 9.2. The impact is limited to confidentiality with no reported integrity or availability effects. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the Oracle advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for current remediation guidance. Oracle recommends applying Critical Patch Updates promptly when available. Since this is not a cloud service, customers must apply patches themselves once released. No vendor advisory states that no action is required or that the issue is already mitigated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-03-26T19:48:45.678Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","vendor":"Oracle"}]
Threat ID: 69e7e5a619fe3cd2cdf9f94a
Added to database: 4/21/2026, 9:01:26 PM
Last enriched: 4/29/2026, 11:36:11 AM
Last updated: 6/4/2026, 6:13:24 PM
Views: 59
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.