Oracle PeopleSoft Absence Management Unauthorized Data Access Vulnerability

Vulnerability

A vulnerability exists in Oracle PeopleSoft Enterprise HCM Absence Management version 9.2, within the Absence Management component. This easily exploitable vulnerability allows a high-privileged attacker with network access via HTTP to compromise the application. Successful exploitation could lead to unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to all data accessible within PeopleSoft Enterprise HCM Absence Management.

Impact

Exploitation of this vulnerability could result in unauthorized access to critical data or complete access to all data within PeopleSoft Enterprise HCM Absence Management, along with the ability to create, delete, or modify critical data.

Added: Apr 21, 2026, 11:18 PM

Updated: Apr 21, 2026, 11:18 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.0

exploitability

4.4

remediation

0.0

relevance

6.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.0

exploitability

4.4

remediation

0.0

relevance

6.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle PeopleSoft Absence Management Unauthorized Data Access Vulnerability

Vulnerability

Impact

Affected Products

Oracle PeopleSoft Enterprise HCM Absence Management

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating