Oracle PeopleSoft HCM Talent Acquisition Manager Job Opening Vulnerability Allowing Unauthorized Data Access

Vulnerability

A vulnerability exists in Oracle PeopleSoft Enterprise HCM Talent Acquisition Manager, specifically in the Job Opening component, for version 9.2. This vulnerability allows a low-privileged attacker with network access via HTTP to compromise the application. Exploitation of this vulnerability requires human interaction from a third party. While the issue is contained within the Talent Acquisition Manager, it could also affect other PeopleSoft products, leading to a scope change. Successful exploitation could result in unauthorized access to, and manipulation of, certain data within the application. The vulnerability has a CVSS 3.1 base score of 5.4, indicating impacts on confidentiality and integrity.

Impact

Exploitation of this vulnerability could lead to unauthorized read access to, and unauthorized update, insert, or delete of, some accessible data within PeopleSoft Enterprise HCM Talent Acquisition Manager.

Remediation

Users can apply the patch for this vulnerability, which is available through the Oracle Critical Patch Update program. Instructions for applying the patch can be found in the Oracle E-Business Suite Release 12 Critical Patch Update Knowledge Document (April 2025), My Oracle Support Note 2484000.1.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 1.3
exploitability: 4.6
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.