This vulnerability affects Oracle Financial Services Analytical Applications Infrastructure (versions 8.0.7.9, 8.0.8.7, and 8.1.2.5) and allows an attacker with low privileges and network access via HTTP to compromise the system. The compromise can lead to unauthorized access to critical or all accessible data within the product. The CVSS 3.1 vector indicates network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, high confidentiality impact, and no impact on integrity or availability. The vulnerability is listed in Oracle's April 2026 Critical Patch Update advisory, which contains numerous patches across Oracle products, but the advisory does not explicitly state the patch status for this specific vulnerability. Customers are strongly advised to apply the April 2026 Critical Patch Update to address vulnerabilities in Fusion Middleware products, which may include this product.

Successful exploitation can result in unauthorized access to critical or all accessible data within Oracle Financial Services Analytical Applications Infrastructure. The confidentiality of sensitive data is at high risk, but there is no impact on data integrity or availability. No known active exploitation has been reported.

Oracle has included this vulnerability in its April 2026 Critical Patch Update advisory. Although the advisory does not explicitly confirm patch availability for this specific vulnerability, Oracle strongly recommends applying the April 2026 Critical Patch Update for Fusion Middleware products, which likely includes patches addressing this issue. Customers should verify patch applicability and promptly apply the relevant updates. Patch status is not yet explicitly confirmed for this vulnerability alone—check the Oracle advisory for the latest remediation guidance.