Description
Vulnerability in the Oracle Life Sciences Central Coding product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Sciences Central Coding. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Life Sciences Central Coding accessible data as well as unauthorized read access to a subset of Oracle Life Sciences Central Coding accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).
Published: 2026-01-20
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized data modification and disclosure
Action: Immediate Patch
AI Analysis

Impact

A vulnerability exists in Oracle Life Sciences Central Coding version 7.0.1.0 that permits an unauthenticated attacker with network access via HTTP to modify or delete data and to read restricted data. The flaw compromises confidentiality and integrity, allowing unauthorized update, insert, or delete operations as well as partial disclosure of content. Though the CVSS vector indicates no authentication is required, the actual attack vector is likely through the publicly exposed HTTP interface, making the risk reachable over the network.

Affected Systems

Oracle Corporation’s Life Sciences Central Coding platform, specifically version 7.0.1.0. No other versions or products are listed as affected.

Risk and Exploitability

The CVSS v3.1 base score of 6.5 denotes moderate severity, and the EPSS score of less than 1% indicates a low probability of exploitation at the time of analysis. The vulnerability is not currently listed in the CISA KEV catalog. Because the flaw allows unauthenticated network access to read or alter data, any host exposing the HTTP interface could be compromised if not mitigated, but the overall likelihood of exploitation remains low based on current evidence.

Generated by OpenCVE AI on April 18, 2026 at 04:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch for Oracle Life Sciences Central Coding or upgrade to a version that addresses this vulnerability.
  • Restrict HTTP access to the application servers by firewall rules or VPN so that only trusted internal sources can reach the HTTP interface.
  • Enforce authentication and proper access controls on any exposed endpoints to ensure only authorized users can modify or read data.

Generated by OpenCVE AI on April 18, 2026 at 04:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 04:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated HTTP Data Modification and Disclosure in Oracle Life Sciences Central Coding
Weaknesses CWE-284
CWE-306
CWE-862

Thu, 29 Jan 2026 15:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Wed, 21 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 20 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Life Sciences Central Coding product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Sciences Central Coding. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Life Sciences Central Coding accessible data as well as unauthorized read access to a subset of Oracle Life Sciences Central Coding accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).
First Time appeared Oracle
Oracle life Sciences Central Coding
CPEs cpe:2.3:a:oracle:life_sciences_central_coding:7.0.1.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle life Sciences Central Coding
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

Oracle Life Sciences Central Coding
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-01-21T17:00:43.202Z

Reserved: 2026-01-05T18:07:34.716Z

Link: CVE-2026-21980

cve-icon Vulnrichment

Updated: 2026-01-21T16:43:56.093Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-20T22:16:01.390

Modified: 2026-01-29T14:46:09.587

Link: CVE-2026-21980

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T04:30:35Z

Weaknesses