Description
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Published: 2026-04-21
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality impact
Action: Patch immediately
AI Analysis

Impact

A remote attacker who can reach the Oracle Financial Services Analytical Applications Infrastructure application over HTTP can exploit a vulnerability that does not require any authentication. Exploitation gives the attacker access to confidential data housed in the environment, potentially allowing full read access to all data that the instance is allowed to serve. The weakness is reflected in a CVSS 3.1 score of 7.5, with a high confidentiality impact and no impact to integrity or availability.

Affected Systems

The affected product is Oracle Financial Services Analytical Applications Infrastructure (component: Platform). The affected versions are 8.0.7.9, 8.0.8.7 and 8.1.2.5, which are the supported releases Oracle lists as vulnerable.

Risk and Exploitability

The vulnerability is exploitable over a network link via ordinary HTTP traffic, with no user interaction or special privileges required. The CVSS score of 7.5 signals a high-risk exposure, and although a current EPSS score is not available, the lack of a KEV listing does not diminish the likelihood of exploitation by malicious actors. The likely attack vector is a remote connection to the application’s HTTP endpoint.

Generated by OpenCVE AI on April 22, 2026 at 05:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle patch for the affected versions released in the April 2026 CPU advisory.
  • If patching cannot be applied immediately, restrict HTTP access to the application by firewalling it so that only trusted hosts can reach the interface.
  • Enable detailed logging for HTTP requests to the application and monitor for unexpected or unauthorized access attempts.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 14:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-284
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 03:15:00 +0000

Type | Values Removed | Values Added
Title | | Unauthenticated HTTP Remote Confidentiality Exposure in Oracle Financial Services Analytical Applications Infrastructure
Weaknesses | | CWE-285

Wed, 22 Apr 2026 00:00:00 +0000

Type | Values Removed | Values Added
Description | | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
First Time appeared | | Oracle; Oracle Financial Services Analytical Applications Infrastructure
CPEs | | cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.9:*:*:*:*:*:*:*
     | | cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.7:*:*:*:*:*:*:*
     | | cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
Vendors & Products | | Oracle; Oracle Financial Services Analytical Applications Infrastructure
References | |
Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-22T13:48:26.552Z

Reserved: 2026-01-05T18:07:34.727Z

Link: CVE-2026-22010

Vulnrichment

Updated: 2026-04-22T13:46:33.027Z

NVD

Status: Undergoing Analysis

Published: 2026-04-21T21:16:27.550

Modified: 2026-04-22T21:24:26.997

Link: CVE-2026-22010

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T05:30:09Z

Weaknesses