Description
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
Published: 2026-04-21
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: Remote Unauthorized Data Access
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in the Platform component of Oracle Financial Services Analytical Applications Infrastructure, allowing an attacker with low privileges and network access via HTTP to bypass access controls and read confidential data. The flaw results in unauthorized disclosure of critical information, impacting confidentiality only, and is reflected in a CVSS 3.1 base score of 6.5.

Affected Systems

Affected versions are Oracle Financial Services Analytical Applications Infrastructure 8.0.7.9, 8.0.8.7 and 8.1.2.5. Systems running these releases should confirm patch status against the April 2026 CPU advisory.

Risk and Exploitability

The risk is moderate: the attack vector is network (AV:N) and the attack complexity is low (AC:L). An attacker needs only network connectivity and low-level credentials to exploit the issue and gain read access to all data exposed by the platform. While EPSS is not reported and the flaw is not listed in the CISA KEV catalog, its moderate confidentiality impact warrants timely remediation.

Generated by OpenCVE AI on April 22, 2026 at 07:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle patch published in the April 2026 CPU that addresses the authorization bypass flaw.
  • Restrict HTTP access to the platform by applying network segmentation or firewall rules so that only trusted hosts can reach the service.
  • Review and tighten application‑level access controls, ensuring that low‑privileged accounts receive only the minimal permissions required to operate.


Advisories

No advisories yet.

History

Wed, 22 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Title Remote Unauthorized Data Access via HTTP in Oracle Financial Services Analytical Applications Infrastructure
Weaknesses CWE-284
CWE-285

Wed, 22 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
Title Remote Unauthorized Data Access via HTTP in Oracle Financial Services Analytical Applications Infrastructure
Weaknesses CWE-284
CWE-285

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
First Time appeared Oracle
Oracle Financial Services Analytical Applications Infrastructure
CPEs cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle Financial Services Analytical Applications Infrastructure
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:35:37.724Z

Reserved: 2026-03-26T19:48:45.680Z

Link: CVE-2026-34313

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-21T21:16:36.783

Modified: 2026-04-21T21:16:36.783

Link: CVE-2026-34313

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T07:15:11Z

Weaknesses

No weakness.