This vulnerability affects Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62, specifically the Performance Monitor component. It allows a remote unauthenticated attacker with network access via HTTP to compromise the system, potentially resulting in full takeover. The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates network attack vector, high attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. Oracle's June 2026 Critical Security Patch Update addresses this vulnerability among 245 others. The vendor strongly recommends applying the patch immediately. No official remediation level or patch link was explicitly provided in the input, but the vendor advisory confirms patch availability as part of the June 2026 update.

Successful exploitation can lead to complete compromise of the PeopleSoft Enterprise PT PeopleTools system, impacting confidentiality, integrity, and availability of the affected system. This could allow attackers to take over the system remotely without authentication. No known exploits in the wild have been reported yet.

Oracle has released patches for this vulnerability in the June 2026 Critical Security Patch Update. Customers should apply this update promptly to remediate the vulnerability. Until patches are applied, risk may be reduced by blocking network protocols required for exploitation or removing unnecessary privileges, though these may impact functionality. Oracle strongly recommends remaining on actively supported versions and applying security patches without delay. Patch status is confirmed by the vendor advisory at https://www.oracle.com/security-alerts/cspujun2026.html.