Description
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N).
Published: 2026-04-21
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: Unauthorized Data Access
Action: Apply Patch
AI Analysis

Impact

A flaw in the User Interface component of Oracle Financial Services Analytical Applications Infrastructure allows a low‑privileged attacker with network access over HTTP to compromise the application. The vulnerability requires a victim to interact with the compromised UI, typically through social engineering, and can enable unauthorized access to critical data or complete exfiltration of all data exposed by the application. The weakness is an improper access control that primarily impacts confidentiality while leaving integrity and availability unaffected.

Affected Systems

Oracle Corporation’s Financial Services Analytical Applications Infrastructure, specifically versions 8.0.7.9, 8.0.8.7, and 8.1.2.5, as identified by the User Interface component of these products.

Risk and Exploitability

The CVSS 3.1 base score of 4.8 indicates moderate severity, driven by confidentiality impact. EPSS is not available, so the likelihood of exploitation cannot be quantified, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote over HTTP, requiring low attacker privileges and a human victim to interact with the compromised UI. Although exploitation is not trivial, the need for social engineering increases practical risk for organizations that expose this component to external or untrusted networks.

Generated by OpenCVE AI on April 22, 2026 at 07:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle Financial Services Analytical Applications Infrastructure security patch for versions 8.0.7.9, 8.0.8.7, or 8.1.2.5.
  • Limit HTTP access to the User Interface to trusted IP ranges or VPN‑only connections.
  • Enable logging and monitor for suspicious UI activity that could indicate exploitation attempts.



Advisories

No advisories yet.

History

Wed, 22 Apr 2026 06:45:00 +0000

Type Values Removed Values Added
Title Unauthorized Data Access via HTTP in Oracle Financial Services Analytical Applications Infrastructure
Weaknesses CWE-284
CWE-285

Wed, 22 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
Title Unauthorized Data Access via HTTP in Oracle Financial Services Analytical Applications Infrastructure
Weaknesses CWE-284
CWE-285

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N).
First Time appeared Oracle
Oracle financial Services Analytical Applications Infrastructure
CPEs cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle financial Services Analytical Applications Infrastructure
References
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:35:41.189Z

Reserved: 2026-03-26T19:48:45.682Z

Link: CVE-2026-34321

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-21T21:16:37.787

Modified: 2026-04-21T21:16:37.787

Link: CVE-2026-34321

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T07:30:11Z

Weaknesses

No weakness.