This vulnerability exists in the Deployment Package component of Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62. It is easily exploitable by an attacker who already has high privileges and logon access to the infrastructure hosting PeopleTools. Successful exploitation can result in complete compromise of PeopleSoft Enterprise PT PeopleTools and may impact other related Oracle products. The CVSS 3.1 base score is 8.2 with vector AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, indicating local attack vector, low attack complexity, high privileges required, no user interaction, scope change, and high impact on confidentiality, integrity, and availability. Oracle’s June 2026 Critical Security Patch Update includes patches for this vulnerability, and customers are urged to apply these updates without delay.

An attacker with high privileges and logon access to the infrastructure can fully compromise PeopleSoft Enterprise PT PeopleTools, potentially leading to takeover of the product and affecting confidentiality, integrity, and availability. The vulnerability also has a scope change, meaning it may impact additional Oracle products beyond PeopleTools. This could result in significant operational and security risks for affected organizations.

Oracle has released patches for this vulnerability as part of the June 2026 Critical Security Patch Update. Customers should apply these patches promptly to remediate the issue. Until patches are applied, risk can be reduced by restricting privileges and access to the affected infrastructure and blocking network protocols required by potential attacks, though these measures may impact functionality. Oracle strongly recommends staying on actively supported versions and applying security patches without delay. Patch status is confirmed by the vendor advisory.