CVE-2026-34323
Received Received - Intake
Authentication Bypass in Oracle Life Sciences InForm Allows Data Manipulation

Publication date: 2026-04-21

Last updated on: 2026-04-23

Assigner: Oracle

Description
Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (component: IDM Authentication). Supported versions that are affected are 7.0.1.0 and 7.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Sciences InForm. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Life Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Life Sciences InForm accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Life Sciences InForm. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-21
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34323
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
oracle life_sciences_inform 7.0.1.0
oracle life_sciences_inform 7.0.1.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows unauthorized read, update, insert, or delete access to some data within Oracle Life Sciences InForm, as well as the ability to cause a partial denial of service. Such unauthorized access and potential data manipulation could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls over data confidentiality, integrity, and availability.

Specifically, unauthorized access to sensitive data may violate confidentiality requirements, while unauthorized modifications could impact data integrity. Additionally, denial of service could affect availability obligations under these standards.

Executive Summary

This vulnerability exists in the Oracle Life Sciences InForm product, specifically in the IDM Authentication component for versions 7.0.1.0 and 7.0.1.1.

It allows an unauthenticated attacker with network access via HTTP to compromise the system. However, successful exploitation requires human interaction from someone other than the attacker.

If exploited, the attacker can gain unauthorized abilities such as updating, inserting, or deleting some accessible data, reading a subset of accessible data, and causing a partial denial of service (partial DOS) on the Oracle Life Sciences InForm system.

Impact Analysis

The vulnerability can impact you by allowing an attacker to perform unauthorized actions on your Oracle Life Sciences InForm data.

  • Unauthorized update, insert, or delete access to some accessible data.
  • Unauthorized read access to a subset of accessible data.
  • Ability to cause a partial denial of service (partial DOS) affecting availability of the system.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34323. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart