Unrated severityNVD Advisory· Published Oct 14, 2010· Updated Apr 29, 2026

CVE-2010-3537

Description

Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Remote authenticated users can breach PeopleSoft FMS confidentiality and integrity via unknown vectors in versions 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6.

Vulnerability

An unspecified vulnerability exists in the PeopleSoft Enterprise FMS - AM (Asset Management) component of Oracle PeopleSoft and JDEdwards Suite. Affected versions are 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6. The vulnerability allows remote authenticated users to affect the confidentiality and integrity of the system through unknown vectors [1].

Exploitation

An attacker must be a remote authenticated user of the PeopleSoft application. No additional privileges or special conditions beyond valid credentials are described in the available references. The exact steps required to trigger the vulnerability have not been disclosed [1].

Impact

Successful exploitation results in unauthorized disclosure (compromised confidentiality) and unauthorized modification (compromised integrity) of data managed by the PeopleSoft FMS - AM component. The impact does not extend to availability, as the vulnerability does not affect denial-of-service according to the description [1].

Mitigation

Oracle addressed this vulnerability in the October 2010 Critical Patch Update. The fixed versions are: PeopleSoft Enterprise FMS 8.9 Bundle #39 or later, 9.0 Bundle #32 or later, and 9.1 Bundle #7 or later. Organizations should apply the relevant CPU patches as soon as possible [1]. This CVE is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.

References

Oracle Updates for Multiple Vulnerabilities | CISA

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Oracle Corporation/Peoplesoft And Jdedwards Product Suite3 versions
cpe:2.3:a:oracle:peoplesoft_and_jdedwards_product_suite:8.9:bundle38:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:peoplesoft_and_jdedwards_product_suite:8.9:bundle38:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_and_jdedwards_product_suite:9.0:bundle31:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_and_jdedwards_product_suite:9.1:bundle6:*:*:*:*:*:*
Oracle Corporation/Peoplesoft Enterprise Fmsllm-fuzzy
Range: 8.9 Bundle #38, 9.0 Bundle #31, 9.1 Bundle #6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.us-cert.gov/cas/techalerts/TA10-287A.htmlnvdUS Government Resource
www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000