Description
Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core). Supported versions that are affected are 9.2.1-9.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Life Sciences Empirica Signal. While the vulnerability is in Oracle Life Sciences Empirica Signal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Life Sciences Empirica Signal accessible data as well as unauthorized read access to a subset of Oracle Life Sciences Empirica Signal accessible data. CVSS 3.1 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N).
Published: 2026-04-21
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: Unauthorized data modification and access
Action: Patch Now
AI Analysis

Impact

A vulnerability in the Common Core component of Oracle Life Sciences Empirica Signal allows an attacker with low privilege to perform unauthorized creation, deletion or modification of critical data, as well as read access to a subset of data. The flaw results in a confidentiality impact that is low and an integrity impact that is high. Because the vulnerability can result in a change of scope, the damage may extend beyond the affected application to other Oracle Life Sciences products.

Affected Systems

Oracle Life Sciences Empirica Signal versions 9.2.1, 9.2.2 and 9.2.3 are affected. The vulnerability has been identified in the Oracle Life Science Applications suite and is specifically tied to the Common Core component within these releases.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity level. The attack vector is remote over HTTP (AV:N), and the low-privilege requirement (PR:L) suggests that any network host with HTTP access to the system and a low-privileged account could potentially exploit the issue without additional authentication. Because the EPSS score is not available, the likelihood of exploitation cannot be quantified, and the vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. The high integrity impact and potential scope change warrant serious concern, especially in environments where unrestricted network traffic can reach the application.

Generated by OpenCVE AI on April 22, 2026 at 05:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle patch or upgrade to a version of Empirica Signal that contains the fix for this vulnerability.
  • Restrict external HTTP access to the Empirica Signal instance using firewalls or VPNs so that only trusted hosts can reach the service.
  • Enforce strict role‑based access controls and monitor logs for anomalous data creation, deletion, or modification activities.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 05:45:00 +0000

Type | Values Removed | Values Added
Title | | Remote Unauthorized Data Modification and Read in Oracle Life Sciences Empirica Signal via Low-Privilege HTTP Access
Weaknesses | | CWE-284

Wed, 22 Apr 2026 00:00:00 +0000

Type | Values Removed | Values Added
Description | | Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core). Supported versions that are affected are 9.2.1-9.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Life Sciences Empirica Signal. While the vulnerability is in Oracle Life Sciences Empirica Signal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Life Sciences Empirica Signal accessible data as well as unauthorized read access to a subset of Oracle Life Sciences Empirica Signal accessible data. CVSS 3.1 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N).
First Time appeared | | Oracle; Oracle life Sciences Empirica Signal
CPEs | | cpe:2.3:a:oracle:life_sciences_empirica_signal:*:*:*:*:*:*:*:*
Vendors & Products | | Oracle; Oracle life Sciences Empirica Signal
References | |
Metrics | | cvssV3_1: {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:34:58.883Z

Reserved: 2026-01-05T18:07:34.723Z

Link: CVE-2026-21997

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-21T21:16:24.653

Modified: 2026-04-21T21:16:24.653

Link: CVE-2026-21997

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T05:30:09Z

Weaknesses