Impact
Oracle Financial Services Customer Screening is vulnerable to unauthenticated exploitation over HTTP, enabling disclosure of all accessible critical data. The weakness allows an attacker to bypass authentication controls, resulting in high confidentiality impact without requiring prior access or user interaction. The flaw carries a CVSS score of 7.5, which reflects a significant risk of data exposure for affected deployments.
Affected Systems
Oracle Financial Services Customer Screening, version 8.1.2.8.0, within Oracle Financial Services Applications. The vulnerability is in the User Interface component, and the associated CPE string identifies this product version.
Risk and Exploitability
An attacker only needs to be able to connect to the product over the network using HTTP. No authentication or special privileges are required, and, based on the CVSS vector, it is inferred that no user interaction is necessary. Because the exploit is easily triggered and the CVSS Base score indicates a high confidentiality impact, the risk to organizations is substantial. There is no EPSS score yet, and the vulnerability is not listed in CISA’s KEV catalog, but the high CVSS score still warrants cautious mitigation. In the absence of additional mitigation steps from Oracle, applying the vendor’s patch or upgrading to a non‑affected version remains the most effective defense.