Description
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).
Published: 2026-04-21
Score: 6.8 Medium
EPSS: n/a
KEV: No
Impact: Unauthorized Data Modification and Access
Action: Patch
AI Analysis

Impact

The vulnerability permits an attacker with low privileges and network access to the HTTP interface of Oracle Financial Services Analytical Applications Infrastructure to compromise the system. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, as well as unrestricted access to all data exposed by the infrastructure. The flaw results in confidentiality and integrity impacts, enabling attackers to alter or steal sensitive information.

Affected Systems

The affected product is Oracle Corporation’s Oracle Financial Services Analytical Applications Infrastructure. The impacted versions are 8.0.7.9, 8.0.8.7, and 8.1.2.5. No other versions are mentioned.

Risk and Exploitability

The CVSS v3.1 score of 6.8 indicates a medium-severity vulnerability that compromises confidentiality and integrity but not availability. The attack vector is the network, over HTTP, and exploitation requires low privileges. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting no known widespread exploitation. Nonetheless, because the flaw permits widespread modification of critical data, a determined adversary could leverage this weakness, especially if network segmentation and access controls are lax. The typical exploitation path involves sending crafted requests over HTTP to the application with insufficient authorization checks, leading to unauthorized data operations.

Generated by OpenCVE AI on April 22, 2026 at 06:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle patch referenced in Oracle’s CPU April 2026 security advisory.
  • Restrict HTTP access to the infrastructure by implementing firewall rules, VPN, or internal network segmentation so that only trusted hosts can reach the application.
  • Enforce strict role‑based access controls and review all user permissions to ensure that low‑privileged users have no write access to critical data, and disable or secure any unused HTTP endpoints.


Advisories

No advisories yet.

History

Wed, 22 Apr 2026 07:00:00 +0000

Type Values Removed Values Added
Title HTTP Remote Access Allowing Low-Privilege Data Modification in Oracle Financial Services Analytical Applications Infrastructure
Weaknesses CWE-284
CWE-639

Wed, 22 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
Title HTTP Remote Access Allowing Low-Privilege Data Modification in Oracle Financial Services Analytical Applications Infrastructure
Weaknesses CWE-284
CWE-639

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).
First Time appeared Oracle
Oracle financial Services Analytical Applications Infrastructure
CPEs cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle financial Services Analytical Applications Infrastructure
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:35:38.146Z

Reserved: 2026-03-26T19:48:45.680Z

Link: CVE-2026-34314

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-21T21:16:36.917

Modified: 2026-04-21T21:16:36.917

Link: CVE-2026-34314

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T06:45:10Z

Weaknesses

No weakness.