Description
Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Transaction Filtering. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Transaction Filtering accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Published: 2026-04-21
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality breach
Action: Patch immediately
AI Analysis

Impact

The flaw exists in the user interface component of Oracle Financial Services Transaction Filtering and allows an attacker with no credentials to exploit the product over an HTTP interface. Successful exploitation permits the adversary to read or retrieve any data that the application exposes, effectively breaking confidentiality for all information accessible through the system. This impact is reflected in a CVSS v3.1 score of 7.5, indicating a high potential for data disclosure when the vulnerability is exploited.

Affected Systems

Oracle Corporation’s Oracle Financial Services Transaction Filtering, version 8.1.2.8.0, is the only release explicitly flagged as vulnerable. Any installation running this version should be treated as affected until the vendor’s fix is applied.

Risk and Exploitability

The CVSS base score of 7.5 demonstrates that an attacker can mount the attack with minimal effort: only network reachability to the HTTP endpoint is required, and no authentication is needed. Although the EPSS score is not provided, the absence of a KEV listing does not diminish the urgency of protection, because the combination of a low attack effort and severe confidentiality impact makes exploitation attractive to threat actors. Network segmentation or firewalls that block untrusted hosts from reaching the user interface can mitigate the practical risk, but the definitive countermeasure is the vendor’s patch.

Generated by OpenCVE AI on April 22, 2026 at 07:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Oracle patch that addresses CVE-2026-35231 for Oracle Financial Services Transaction Filtering; if the patch is not yet released, upgrade to a newer supported version that includes the fix.
  • Restrict external HTTP traffic to the product with firewall rules or network segmentation so that only trusted internal hosts can reach the user interface.
  • If the UI component is not required for your operations, disable or remove it from the deployment.
  • Enable comprehensive logging of authentication and data access attempts and monitor for suspicious activity that may indicate exploitation.



Advisories

No advisories yet.

History

Wed, 22 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 07:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated HTTP Data Disclosure in Oracle Financial Services Transaction Filtering

Wed, 22 Apr 2026 06:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated HTTP Access Leading to Confidential Data Exposure in Oracle Financial Services Transaction Filtering
Weaknesses CWE-200
CWE-284
CWE-287

Wed, 22 Apr 2026 02:30:00 +0000

Type Values Removed Values Added
Title Unauthenticated HTTP Access Leading to Confidential Data Exposure in Oracle Financial Services Transaction Filtering
Weaknesses CWE-200
CWE-284
CWE-287

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Transaction Filtering. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Transaction Filtering accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
First Time appeared Oracle
Oracle Financial Services Transaction Filtering
CPEs cpe:2.3:a:oracle:financial_services_transaction_filtering:8.1.2.8.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle Financial Services Transaction Filtering
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-22T15:33:59.745Z

Reserved: 2026-04-01T20:03:40.833Z

Link: CVE-2026-35231

Vulnrichment

Updated: 2026-04-22T15:20:26.566Z

NVD

Status: Received

Published: 2026-04-21T21:16:38.717

Modified: 2026-04-22T16:16:55.357

Link: CVE-2026-35231

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T11:45:09Z
