VDB
GCVE-110-NCSC-2026-127
GCVE-110-NCSC-2026-127
Advisory PublishedCVSS 5.4/10
A vulnerability in Oracle PeopleSoft Enterprise HCM Shared Components 9.2 allows a low-privileged attacker with network access and user interaction to gain unauthorized read and write access, with a CVSS 3.1 score of 5.4.
Weaknesses (CWE)
CWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-567Unsynchronized Access to Shared Data in a Multithreaded ContextCWE-787Out-of-bounds WriteCWE-476NULL Pointer DereferenceCWE-770Allocation of Resources Without Limits or ThrottlingCWE-297Improper Validation of Certificate with Host Mismatch
Risk Scores
CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Oracle Corporation | vers:unknown/* | — | — |
| Oracle | vers:unknown/* | — | — |
Aliases
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.