PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46979 Oracle Corporation CVE debrief

A vulnerability was found in PeopleSoft Enterprise CS Campus Community 9.2.38. This vulnerability allows high privileged attackers with network access via HTTPS to compromise PeopleSoft Enterprise CS Campus Community, potentially leading to unauthorized creation, deletion, or modification access to critical data or all PeopleSoft Enterprise CS Campus Community accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data.

Vendor
Oracle Corporation
Product
PeopleSoft Enterprise CS Campus Community
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-26
Advisory published
2026-06-17
Advisory updated
2026-06-26

Who should care

Administrators and users of PeopleSoft Enterprise CS Campus Community 9.2.38, particularly those responsible for vulnerability management, platform security, and affected system operators, should be aware of this vulnerability and take necessary precautions to protect their systems, including reviewing system deployments, assessing potential impact, and prioritizing patching efforts.

Technical summary

The vulnerability in PeopleSoft Enterprise CS Campus Community 9.2.38 has a CVSS 3.1 Base Score of 6.5, indicating a medium severity level. The vulnerability is easily exploitable and allows high privileged attackers with network access via HTTPS to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all PeopleSoft Enterprise CS Campus Community accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data.

Defensive priority

Medium priority should be given to patching this vulnerability, as it can be exploited by high privileged attackers with network access via HTTPS.

Recommended defensive actions

  • Apply the patch provided by Oracle Corporation
  • Restrict access to PeopleSoft Enterprise CS Campus Community to only necessary personnel
  • Monitor systems for suspicious activity
  • Implement additional security measures to protect against similar vulnerabilities
  • Review system deployments and assess potential impact
  • Prioritize patching efforts for affected systems
  • Track exceptions and retest remediated assets

Evidence notes

The CVE record was published on 2026-06-17T10:54:16.910Z and was last modified on 2026-06-26T03:45:49.873Z. The NVD entry is currently Analyzed. This vulnerability affects PeopleSoft Enterprise CS Campus Community 9.2.38, and its exploitation requires high privileged attacker access via HTTPS. Evidence of successful attacks includes unauthorized creation, deletion, or modification access to critical data or all PeopleSoft Enterprise CS Campus Community accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data. Defenders should verify system configurations, review access controls, and monitor for suspicious activity.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:16.910Z and has not been modified since then. The NVD entry is currently Analyzed.