CVE-2011-2277
Description
Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.0 Bundle #36 and 9.1 Bundle #13 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Purchasing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Oracle PeopleSoft Enterprise SCM Purchasing component in versions 9.0 Bundle #36 and 9.1 Bundle #13 allows remote authenticated users to access confidential data and modify information via unknown vectors.
Vulnerability
An unspecified vulnerability exists in the Purchasing component of Oracle PeopleSoft Enterprise SCM, part of Oracle PeopleSoft Products. Affected versions are 9.0 Bundle #36 and 9.1 Bundle #13. The flaw is triggered via unknown vectors, requiring the user to be authenticated to the PeopleSoft instance and to have access to the Purchasing module functions.
Exploitation
A remote attacker must possess valid credentials for the PeopleSoft application and be able to interact with the Purchasing component. No additional privileges or network position beyond standard user access are required. The exact exploitation steps are not disclosed in the available references [1].
Impact
Successful exploitation allows the attacker to affect the confidentiality and integrity of the system. This means the attacker can read sensitive purchasing data and potentially modify purchase-related information, though the exact scope of data accessible or alterable is not specified.
Mitigation
Oracle released a Critical Patch Update (CPU) in July 2011 to address this vulnerability [1]. Organizations should apply the relevant patches for PeopleSoft Enterprise SCM 9.0 Bundle #36 and 9.1 Bundle #13 as provided in the Oracle Critical Patch Update Advisory - July 2011. No workarounds are documented in the available references.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
5cpe:2.3:a:oracle:peoplesoft_enterprise_scm:9.0:bundle36:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:peoplesoft_enterprise_scm:9.0:bundle36:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_scm:9.1:bundle13:*:*:*:*:*:*
- (no CPE)range: 9.0 Bundle #36, 9.1 Bundle #13
cpe:2.3:a:oracle:peoplesoft_products:9.0:bundle36:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:peoplesoft_products:9.0:bundle36:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_products:9.1:bundle13:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.oracle.com/technetwork/topics/security/cpujuly2011-313328.htmlnvdPatchVendor Advisory
- www.us-cert.gov/cas/techalerts/TA11-201A.htmlnvdUS Government Resource
News mentions
0No linked articles in our index yet.