CVE-2026-34325
User Interface Vulnerability in Oracle Financial Services Causes Data Exposure and DoS
Publication date: 2026-04-21
Last updated on: 2026-04-23
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | financial_services_analytical_applications_infrastructure | 8.0.7.9.0 |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.8.7.0 |
| oracle | financial_services_analytical_applications_infrastructure | 8.1.2.5.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle Financial Services Analytical Applications Infrastructure product, specifically in the User Interface component. It affects supported versions 8.0.7.9, 8.0.8.7, and 8.1.2.5. The vulnerability is easily exploitable by a low privileged attacker who has logon access to the infrastructure where the application runs.
Successful exploitation requires human interaction from someone other than the attacker. If exploited, it can lead to unauthorized access to critical data or complete access to all data accessible by the application. Additionally, it can allow unauthorized updates, inserts, or deletions of some data, and can cause the application to hang or crash repeatedly, resulting in a denial of service.
How can this vulnerability impact me? :
The impact of this vulnerability includes unauthorized access to critical or all accessible data within the Oracle Financial Services Analytical Applications Infrastructure. This means sensitive information could be exposed or manipulated by an attacker.
It also allows unauthorized modification of data, including updates, inserts, or deletions, which could compromise data integrity.
Furthermore, the vulnerability can cause the application to hang or crash repeatedly, leading to a complete denial of service, which affects availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows unauthorized access to critical data and unauthorized modification of data within the Oracle Financial Services Analytical Applications Infrastructure. Such unauthorized access and data manipulation can lead to violations of data protection requirements under common standards and regulations like GDPR and HIPAA, which mandate the protection of sensitive data and the prevention of unauthorized access.
Additionally, the potential for denial of service (DoS) could impact availability requirements stipulated by these regulations.