CVE-2010-3526
Description
Unspecified vulnerability in the PeopleSoft Enterprise SCM - PO component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unspecified flaw in PeopleSoft Enterprise SCM - PO allows remote authenticated users to impact confidentiality and integrity via unknown vectors.
Vulnerability
An unspecified vulnerability exists in the PeopleSoft Enterprise SCM - PO (Purchasing) component of the Oracle PeopleSoft and JDEdwards Suite. This affects versions 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6. The exact nature of the bug and the required conditions are not disclosed in the available references, but the Oracle Critical Patch Update Advisory - October 2010 addresses the issue as part of a larger security update [1].
Exploitation
Exploitation requires remote authenticated access to the affected PeopleSoft system. The attacker must have valid user credentials. The precise attack vector or sequence of steps is not detailed in the publicly available references; the vendor advisory classifies the vectors as unknown [1].
Impact
Successful exploitation of this vulnerability can compromise the confidentiality and integrity of the affected system. The attacker does not gain availability impact according to the CVSS specification, and the level of privilege escalation or scope of data access is not further specified in the available documentation [1].
Mitigation
Oracle released the Critical Patch Update for October 2010, which includes a fix for this vulnerability. Users are advised to apply the appropriate patches from Oracle for their affected PeopleSoft Enterprise SCM - PO versions (8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6). No workarounds have been provided in the available references [1]. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4cpe:2.3:a:oracle:peoplesoft_and_jdedwards_product_suite:8.9:bundle38:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:peoplesoft_and_jdedwards_product_suite:8.9:bundle38:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_and_jdedwards_product_suite:9.0:bundle31:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_and_jdedwards_product_suite:9.1:bundle6:*:*:*:*:*:*
- Range: 8.9 Bundle #38, 9.0 Bundle #31, 9.1 Bundle #6
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.us-cert.gov/cas/techalerts/TA10-287A.htmlnvdUS Government Resource
- www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlnvd
News mentions
0No linked articles in our index yet.