Description
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).
Published: 2026-04-21
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Data Modification and Access
Action: Patch
AI Analysis

Impact

The Oracle Financial Services Analytical Applications Infrastructure flaw is an access control bypass that allows an attacker with low privileges and network access to the HTTP interface to create, delete, or modify critical data, and to read any data exposed by the system. The weakness manifests as an authorization bypass and a privilege escalation condition. Successful attacks can result in unauthorized modification of critical data or full access to all Oracle Financial Services Analytical Applications Infrastructure‑exposed data, leading to confidentiality and integrity losses.

Affected Systems

Oracle Corporation’s Oracle Financial Services Analytical Applications Infrastructure is affected. Supported vulnerable versions are 8.0.7.9, 8.0.8.7, and 8.1.2.5. No other versions are indicated.

Risk and Exploitability

The CVSS score of 6.8 corresponds to Medium severity, while the EPSS score of less than 1% indicates a very low estimated probability of exploitation in the near term. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is over the network via HTTP, requiring only low privileges. An attacker would send crafted requests to endpoints that lack proper authorization checks, thereby gaining unauthorized data operations across the infrastructure.

Generated by OpenCVE AI on April 29, 2026 at 02:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle patch referenced in Oracle’s CPU April 2026 security advisory.
  • Restrict HTTP access to the infrastructure by implementing firewall rules, VPN, or internal network segmentation so that only trusted hosts can reach the application.
  • Enforce strict role‑based access controls, review all user permissions to ensure low‑privileged users have no write access to critical data, and disable or secure any unused HTTP endpoints.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
Title Oracle Financial Services Analytical Applications Infrastructure Access Control Bypass and Privilege Escalation
Weaknesses CWE-284
CWE-639

Wed, 29 Apr 2026 00:45:00 +0000

Type Values Removed Values Added
Title Access Control Bypass Allowing Unauthorized Data Modification in Oracle Financial Services Analytical Applications Infrastructure
Weaknesses CWE-284
CWE-639

Thu, 23 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5.0:*:*:*:*:*:*:*

Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
Title Access Control Bypass Allowing Unauthorized Data Modification in Oracle Financial Services Analytical Applications Infrastructure
Weaknesses CWE-284
CWE-639

Wed, 22 Apr 2026 07:00:00 +0000

Type Values Removed Values Added
Title HTTP Remote Access Allowing Low-Privilege Data Modification in Oracle Financial Services Analytical Applications Infrastructure
Weaknesses CWE-284
CWE-639

Wed, 22 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
Title HTTP Remote Access Allowing Low-Privilege Data Modification in Oracle Financial Services Analytical Applications Infrastructure
Weaknesses CWE-284
CWE-639

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).
First Time appeared Oracle
Oracle financial Services Analytical Applications Infrastructure
CPEs cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle financial Services Analytical Applications Infrastructure
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-05-10T19:59:28.068Z

Reserved: 2026-03-26T19:48:45.680Z

Link: CVE-2026-34314

Vulnrichment

Updated: 2026-04-22T13:20:38.146Z

NVD

Status: Modified

Published: 2026-04-21T21:16:36.917

Modified: 2026-05-10T20:16:28.387

Link: CVE-2026-34314

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T02:30:07Z