{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T05:31:22.799","vulnerabilities":[{"cve":{"id":"CVE-2026-21971","sourceIdentifier":"secalert_us@oracle.com","published":"2026-01-20T22:16:00.210","lastModified":"2026-01-29T14:47:26.827","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purchasing.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of PeopleSoft Enterprise SCM Purchasing accessible data as well as  unauthorized read access to a subset of PeopleSoft Enterprise SCM Purchasing accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."},{"lang":"es","value":"Vulnerabilidad en el producto PeopleSoft Enterprise SCM Purchasing de Oracle PeopleSoft (componente: Purchasing). La versión compatible que se ve afectada es 9.2. Vulnerabilidad fácilmente explotable permite a un atacante con pocos privilegios y acceso a la red vía HTTP comprometer PeopleSoft Enterprise SCM Purchasing. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado de actualización, inserción o eliminación a algunos de los datos accesibles de PeopleSoft Enterprise SCM Purchasing, así como acceso de lectura no autorizado a un subconjunto de los datos accesibles de PeopleSoft Enterprise SCM Purchasing. Puntuación Base CVSS 3.1 de 5.4 (Impactos en la Confidencialidad e Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_supply_chain_management_purchasing:9.2:*:*:*:*:*:*:*","matchCriteriaId":"33380872-8382-41C9-B640-35FA5DCF1046"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cpujan2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}}]}