This vulnerability affects Oracle Financial Services Analytical Applications Infrastructure (versions 8.0.7.9, 8.0.8.7, and 8.1.2.5) and allows a low privileged attacker with network access via HTTP to compromise the system. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data or full access to all accessible data within the infrastructure. The CVSS 3.1 vector indicates network attack vector, high attack complexity, low privileges required, no user interaction, unchanged scope, and high confidentiality and integrity impacts without availability impact. The vulnerability is categorized under CWE-284 (Improper Access Control). Oracle's April 2026 Critical Patch Update advisory includes this vulnerability among many others and strongly recommends applying patches without delay.

The impact of this vulnerability includes unauthorized creation, deletion, or modification of critical data or complete unauthorized access to all data accessible within the Oracle Financial Services Analytical Applications Infrastructure. This could compromise data confidentiality and integrity but does not affect availability. The CVSS score of 6.8 reflects a medium severity level, indicating a significant but not critical risk. There are no known exploits in the wild at this time.

Oracle includes this vulnerability in its April 2026 Critical Patch Update advisory and strongly recommends that customers apply the update promptly to address this and other vulnerabilities. There is no specific patch link provided for this vulnerability alone, so users should refer to the April 2026 CPU for Fusion Middleware products and Oracle Financial Services Analytical Applications Infrastructure. No vendor advisory states that no action is required or that the issue is already mitigated. Therefore, applying the official Oracle Critical Patch Update is the recommended remediation.