Description
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Analytical Applications Infrastructure executes to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H).
Published: 2026-04-21
Score: 6.8 Medium
EPSS: n/a
KEV: No
Impact: Unauthorized data access and denial of service
Action: Patch Now
AI Analysis

Impact

An access control weakness in the User Interface component of Oracle Financial Services Analytical Applications Infrastructure enables a logged-in low-privileged user to read critical data, modify or delete some data, and cause application hangs or crashes that lead to denial of service. The flaw has confidentiality, integrity, and availability impacts, as reflected in the CVSS vector CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H.

Affected Systems

Oracle Financial Services Analytical Applications Infrastructure from Oracle Corporation, versions 8.0.7.9, 8.0.8.7, and 8.1.2.5, is listed as vulnerable. These versions are highlighted in the Oracle CPU Apr 2026 advisory and correspond to the provided CPE entries.

Risk and Exploitability

The CVSS base score of 6.8 indicates a medium-severity vulnerability. EPSS information is not available, and the flaw is not listed in CISA's KEV catalog. Per the vector, exploitation requires local access with low privileges (AV:L, PR:L) and interaction from a person other than the attacker (UI:R), implying that physical access or credentials are needed. When successfully exploited, the attacker can gain unauthorized data access, alter or delete data, and repeatedly crash the application, representing a moderate but tangible risk for affected organizations.

Generated by OpenCVE AI on April 22, 2026 at 04:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle security patch released in the CPU Apr 2026 advisory for the affected Oracle Financial Services Analytical Applications Infrastructure versions.
  • If immediate patching is not possible, limit User Interface access to trusted administrators, implement network segmentation or ACLs to prevent access from untrusted users, and enforce least‑privilege policies.
  • Configure monitoring of application logs and server metrics for signs of unauthorized access, data modifications, or recurring crashes, and set alerts for anomalous patterns.



Advisories

No advisories yet.

History

Wed, 22 Apr 2026 05:15:00 +0000

| Type | Values Removed | Values Added |
| Title | | Low-Privilege UI Flaw Allows Unauthorized Data Access, Modification, and Denial of Service in Oracle Financial Services Applications |
| Weaknesses | | CWE-284, CWE-285 |

Wed, 22 Apr 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
| Description | | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Analytical Applications Infrastructure executes to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H). |
| First Time appeared | | Oracle; Oracle financial Services Analytical Applications Infrastructure |
| CPEs | | cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.9:*:*:*:*:*:*:*; cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.7:*:*:*:*:*:*:*; cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:* |
| Vendors & Products | | Oracle; Oracle financial Services Analytical Applications Infrastructure |
| References | | |
| Metrics | | cvssV3_1 {'score': 6.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H'} |


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:35:42.769Z

Reserved: 2026-03-26T19:48:45.682Z

Link: CVE-2026-34325

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-21T21:16:38.210

Modified: 2026-04-21T21:16:38.210

Link: CVE-2026-34325

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T05:00:09Z

Weaknesses