CVE-2026-34296
Received Received - Intake
Unauthorized Data Access via Network in Oracle Agile PLM

Publication date: 2026-04-21

Last updated on: 2026-04-23

Assigner: Oracle

Description
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-21
Last Modified
2026-04-23
Generated
2026-05-07
AI Q&A
2026-04-22
EPSS Evaluated
2026-05-05
NVD
CVE-2026-34296
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
oracle agile_product_lifecycle_management_for_process 6.2.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Oracle Agile Product Lifecycle Management for Process product, specifically in the Product Quality Management component. It affects version 6.2.4 and allows a low privileged attacker with network access via HTTP to exploit the system easily.

Successful exploitation can lead to unauthorized read access to some of the data accessible within Oracle Agile Product Lifecycle Management for Process.


How can this vulnerability impact me? :

The impact of this vulnerability is primarily on confidentiality. An attacker with low privileges and network access could gain unauthorized read access to certain data within the Oracle Agile Product Lifecycle Management for Process system.

There is no impact on integrity or availability according to the CVSS score.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

This vulnerability allows unauthorized read access to a subset of data within Oracle Agile Product Lifecycle Management for Process. Such unauthorized data access could potentially lead to non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls on access to sensitive or personal data.

However, the provided information does not specify the nature of the data exposed or whether it includes personal or protected health information, so the exact impact on compliance with these standards cannot be determined from the given data.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart