This vulnerability affects the Oracle Financial Services Analytical Applications Infrastructure platform component in versions 8.0.7.9, 8.0.8.7, and 8.1.2.5. It is exploitable remotely over HTTP without authentication, allowing attackers to access sensitive data. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, and high confidentiality impact with no integrity or availability impact. The vulnerability is categorized under CWE-284 (Improper Access Control). Oracle’s April 2026 Critical Patch Update advisory references this vulnerability among many others but does not explicitly confirm patch availability or remediation details for this specific product. Customers are advised to review the advisory and apply relevant patches promptly.

Successful exploitation can lead to unauthorized access to critical or all accessible data within Oracle Financial Services Analytical Applications Infrastructure. This compromises confidentiality but does not affect integrity or availability. The vulnerability is remotely exploitable without authentication, increasing risk exposure for affected deployments accessible via HTTP. No known active exploitation has been reported.

Oracle’s April 2026 Critical Patch Update advisory strongly recommends applying the latest security patches promptly to address vulnerabilities, including this one. However, the advisory does not explicitly confirm the availability of a patch or provide specific remediation instructions for Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5. Organizations should monitor Oracle’s security alerts and apply any relevant patches as soon as they become available. Until a patch is confirmed, consider restricting network access to the affected services to trusted hosts only and implementing compensating controls to limit exposure.