{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34325", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "state": "PUBLISHED", "assignerShortName": "oracle", "dateReserved": "2026-03-26T19:48:45.682Z", "datePublished": "2026-04-21T20:35:42.769Z", "dateUpdated": "2026-04-21T20:35:42.769Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2026-04-21T20:35:42.769Z"}, "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Analytical Applications Infrastructure executes to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure."}]}], "affected": [{"vendor": "Oracle Corporation", "product": "Oracle Financial Services Analytical Applications Infrastructure", "versions": [{"version": "8.0.7.9", "status": "affected", "versionType": "semver"}, {"version": "8.0.8.7", "status": "affected", "versionType": "semver"}, {"version": "8.1.2.5", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.9:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.7:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en-US", "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Analytical Applications Infrastructure executes to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H)."}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "name": "Oracle Advisory", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H", "baseScore": 6.8, "baseSeverity": "MEDIUM"}}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Analytical Applications Infrastructure executes to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H)."}], "id": "CVE-2026-34325", "lastModified": "2026-04-21T21:16:38.210", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.5, "source": "secalert_us@oracle.com", "type": "Primary"}]}, "published": "2026-04-21T21:16:38.210", "references": [{"source": "secalert_us@oracle.com", "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "8.0.7.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "8.0.8.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "8.1.2.5"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Oracle Financial Services Analytical Applications Infrastructure", "source": "cna", "vendor": "Oracle Corporation"}, "product": "financial_services_analytical_applications_infrastructure", "vendor": "oracle"}], "analysis": {"en": {"generated_at": "2026-04-22T02:16:07.231416+00:00", "value": {"mitigation_remediation": ["Apply the Oracle security patch for the affected Oracle Financial Services Analytical Applications Infrastructure versions as documented in the Oracle CPU Apr 2026 advisory.", "If a patch is unavailable in the short term, restrict access to the User Interface so that only trusted administrators can use it; employ network segmentation and access control lists to limit local logon from untrusted users.", "Monitor application logs for attempted unauthorized access, application crashes, and anomalous user activity; configure alerts for repeated failures or abnormal transactions to detect exploitation attempts."], "summary": {"action": "Patch Now", "impact": "Unauthorized data access and denial of service"}, "threat_synthesis": {"affected_systems": "Affected product is the Oracle Financial Services Analytical Applications Infrastructure from Oracle Corporation. Version numbers impacted are 8.0.7.9, 8.0.8.7, and 8.1.2.5. These versions are listed in the security advisory and the corresponding CPE strings in the description.", "description_and_impact": "A vulnerability was identified in the User Interface component of Oracle Financial Services Analytical Applications Infrastructure. The flaw permits a low\u2011privileged user who has logged onto the infrastructure to obtain unauthorized access to critical data, modify or delete data, and trigger application hangs or crashes that result in a denial of service. The flaw leads to confidentiality, integrity, and availability impacts as noted in the CVSS vector CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H.", "risk_and_exploitability": "The CVSS base score is 6.8, indicating a medium severity attack, and the EPSS score is not available. This vulnerability is not currently listed in CISA's KEV catalog. Exploitation requires a local attacker with low privileges and a separate human interaction, implying that physical access or trusted user credentials are needed. While the attack surface is relatively narrow, successful exploitation could grant extensive data access, unauthorized data manipulation, and potentially disrupt system availability, posing a moderate but non\u2011negligible risk to affected organizations."}}}}, "created": "2026-04-22T02:30:05.611931+00:00", "updated": "2026-04-22T03:00:06.530962+00:00", "vendors": ["oracle", "oracle$PRODUCT$financial_services_analytical_applications_infrastructure"]}