{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34314", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "state": "PUBLISHED", "assignerShortName": "oracle", "dateReserved": "2026-03-26T19:48:45.680Z", "datePublished": "2026-04-21T20:35:38.146Z", "dateUpdated": "2026-04-21T20:35:38.146Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2026-04-21T20:35:38.146Z"}, "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data."}]}], "affected": [{"vendor": "Oracle Corporation", "product": "Oracle Financial Services Analytical Applications Infrastructure", "versions": [{"version": "8.0.7.9", "status": "affected", "versionType": "semver"}, {"version": "8.0.8.7", "status": "affected", "versionType": "semver"}, {"version": "8.1.2.5", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.9:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.7:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en-US", "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)."}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "name": "Oracle Advisory", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 6.8, "baseSeverity": "MEDIUM"}}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)."}], "id": "CVE-2026-34314", "lastModified": "2026-04-21T21:16:36.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "secalert_us@oracle.com", "type": "Primary"}]}, "published": "2026-04-21T21:16:36.917", "references": [{"source": "secalert_us@oracle.com", "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[8.0.7.9,8.0.7.9]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[8.0.8.7,8.0.8.7]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[8.1.2.5,8.1.2.5]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Oracle Financial Services Analytical Applications Infrastructure", "source": "cna", "vendor": "Oracle Corporation"}, "product": "financial_services_analytical_applications_infrastructure", "vendor": "oracle"}], "analysis": {"en": {"generated_at": "2026-04-22T08:35:25.783681+00:00", "value": {"mitigation_remediation": ["Apply the Oracle patch referenced in Oracle\u2019s CPU April 2026 security advisory.", "Restrict HTTP access to the infrastructure by implementing firewall rules, VPN, or internal network segmentation so that only trusted hosts can reach the application.", "Enforce strict role-based access controls and review all user permissions to ensure that low-privileged users have no write access to critical data, and disable or secure any unused HTTP endpoints."], "summary": {"action": "Patch", "impact": "Unauthorized Data Modification and Access"}, "threat_synthesis": {"affected_systems": "Affected vendors and products include Oracle Corporation\u2019s Oracle Financial Services Analytical Applications Infrastructure. Versions impacted are 8.0.7.9, 8.0.8.7, and 8.1.2.5. No other versions are mentioned.", "description_and_impact": "The vulnerability permits an attacker with low privileges and network access to the HTTP interface of Oracle Financial Services Analytical Applications Infrastructure to compromise the system. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, as well as unrestricted access to all data exposed by the infrastructure. The flaw results in confidentiality and integrity impacts, enabling attackers to alter or steal sensitive information.", "risk_and_exploitability": "The CVSS v3.1 score of 6.8 indicates a medium severity vulnerability that compromises confidentiality and integrity but not availability. The attack vector is network with HTTP, requiring low privileges. The EPSS score is not available, and the vulnerability is not listed in CISA\u2019s KEV catalog, suggesting no known widespread exploitation. Nonetheless, because the flaw permits widespread modification of critical data, a determined adversary could leverage this weakness, especially if network segmentation and access controls are lax. The typical exploitation path involves sending crafted requests over HTTP to the application with insufficient authorization checks, leading to unauthorized data operations."}}}}, "created": "2026-04-22T02:30:05.613387+00:00", "title": "Access Control Bypass Allowing Unauthorized Data Modification in Oracle Financial Services Analytical Applications Infrastructure", "updated": "2026-04-22T08:45:12.906748+00:00", "vendors": ["oracle", "oracle$PRODUCT$financial_services_analytical_applications_infrastructure"], "weaknesses": ["CWE-284", "CWE-639"]}