Description
Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Sciences Central Designer. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Life Sciences Central Designer accessible data as well as unauthorized read access to a subset of Oracle Life Sciences Central Designer accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).
Published: 2026-01-20
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated data modification and disclosure
Action: Patch Immediately
AI Analysis

Impact

The vulnerability allows an unauthenticated attacker with network access to the Oracle Life Sciences Central Designer application over HTTP to modify, insert, or delete some of the data accessible through the application, and to read a subset of that data. This results in confidentiality and integrity impacts for the data accessible through the application. The flaw does not provide direct remote code execution or denial of service, but compromise of data can lead to severe business and regulatory implications.

Affected Systems

Oracle Life Sciences Central Designer, version 7.0.1.0, part of Oracle Health Sciences Applications, is the only product explicitly listed as affected. No other versions or products are documented in the CVE data.

Risk and Exploitability

The CVSS v3.1 base score of 6.5 indicates medium severity: the vector shows no availability impact (A:N) and low confidentiality and integrity impacts (C:L/I:L). The EPSS score is less than 1%, suggesting a very low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, meaning it has not been identified as a known exploited vulnerability. The likely attack vector is an unauthenticated HTTP connection; an attacker would exploit the flaw remotely and would not need credentials or elevated privileges to alter application data.

Generated by OpenCVE AI on April 18, 2026 at 04:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Oracle update for Life Sciences Central Designer as detailed in the CPU-JAN-2026 security alert.
  • Restrict HTTP access to the Life Sciences Central Designer instance, for example by firewall rules or network segmentation, to prevent unauthenticated connections.
  • Enable comprehensive logging and monitor for anomalous data modification or access attempts, and enforce rate limiting or IP blocking for repeated unauthorized activity.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 05:00:00 +0000

Type Values Removed Values Added
Title Unauthenticated HTTP Data Modification and Disclosure in Oracle Life Sciences Central Designer
Weaknesses CWE-284

Thu, 29 Jan 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Wed, 21 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 20 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Sciences Central Designer. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Life Sciences Central Designer accessible data as well as unauthorized read access to a subset of Oracle Life Sciences Central Designer accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).
First Time appeared Oracle
Oracle life Sciences Central Designer
CPEs cpe:2.3:a:oracle:life_sciences_central_designer:7.0.1.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle life Sciences Central Designer
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-01-21T20:49:28.694Z

Reserved: 2026-01-05T18:07:34.708Z

Link: CVE-2026-21923

Vulnrichment

Updated: 2026-01-21T20:49:25.287Z

NVD

Status: Analyzed

Published: 2026-01-20T22:15:54.667

Modified: 2026-01-29T21:25:57.100

Link: CVE-2026-21923

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T04:45:36Z

Weaknesses