CVE-2011-2272
Description
Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.0, Bundle, #36, 9.1, Bundle, and #13 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to eProcurement.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unspecified vulnerability in Oracle PeopleSoft Enterprise FSCM eProcurement allows remote authenticated users to affect confidentiality and integrity.
Vulnerability
This vulnerability exists in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products, specifically within the eProcurement module. The affected versions are PeopleSoft Enterprise FSCM 9.0 Bundle #36 and 9.1 Bundle #13 [1]. The vulnerability is unspecified but is known to be exploitable by remote authenticated users via unknown vectors related to eProcurement [1].
Exploitation
An attacker must have valid credentials to authenticate to the PeopleSoft system [1]. The exploitation does not require any special network position beyond authenticated access to the application. The specific attack vector is not disclosed in the available references, but it involves unknown vectors related to eProcurement functionality [1].
Impact
Successful exploitation allows a remote authenticated user to compromise both the confidentiality and integrity of the affected system [1]. The attacker can potentially access sensitive information and modify data within the PeopleSoft FSCM environment. The specific scope and privilege level of the compromise are not detailed in the available references.
Mitigation
Oracle released a Critical Patch Update (CPU) in July 2011 to address this vulnerability [1]. The fix is included in Bundle #37 for PeopleSoft Enterprise FSCM 9.0 and Bundle #14 for version 9.1. Organizations should apply the appropriate CPU patch as provided by Oracle. No workarounds are documented in the references.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4cpe:2.3:a:oracle:peoplesoft_enterprise_fscm:9.0:bundle36:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:peoplesoft_enterprise_fscm:9.0:bundle36:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_fscm:9.1:bundle13:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_products:9.0:bundle36:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:peoplesoft_products:9.0:bundle36:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_products:9.1:bundle13:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.oracle.com/technetwork/topics/security/cpujuly2011-313328.htmlnvdPatchVendor Advisory
- www.us-cert.gov/cas/techalerts/TA11-201A.htmlnvdUS Government Resource
News mentions
0No linked articles in our index yet.