CVE-2026-34298
Received Received - Intake
Unauthorized Data Modification and Partial DoS in Oracle Applications Framework Personalization

Publication date: 2026-04-21

Last updated on: 2026-04-24

Assigner: Oracle

Description
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications Framework. CVSS 3.1 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-21
Last Modified
2026-04-24
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34298
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
oracle applications_framework From 12.2.9 (inc) to 12.2.15 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Oracle Applications Framework component of the Oracle E-Business Suite, specifically affecting versions 12.2.9 through 12.2.15. It is easily exploitable by a high privileged attacker who has network access via HTTP. The attacker can compromise the Oracle Applications Framework by gaining unauthorized capabilities.

Successful exploitation can allow the attacker to perform unauthorized updates, inserts, or deletions of some accessible data within the Oracle Applications Framework. Additionally, the attacker can gain unauthorized read access to a subset of accessible data and cause a partial denial of service (partial DOS) affecting the availability of the framework.

Impact Analysis

The impact of this vulnerability includes unauthorized modification and access to data within the Oracle Applications Framework, which can compromise data integrity and confidentiality. Attackers with high privileges can update, insert, or delete data without authorization, and read sensitive data they should not have access to.

Furthermore, the vulnerability can lead to a partial denial of service, reducing the availability of the Oracle Applications Framework and potentially disrupting business operations that rely on it.

Compliance Impact

The vulnerability allows unauthorized read, update, insert, or delete access to some data within Oracle Applications Framework, as well as the ability to cause a partial denial of service. Such unauthorized access and potential data manipulation could impact the confidentiality, integrity, and availability of data.

Because of these impacts, organizations using affected versions of Oracle Applications Framework might face challenges in maintaining compliance with data protection standards and regulations such as GDPR and HIPAA, which require strict controls over data confidentiality and integrity.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34298. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart