This vulnerability affects the Oracle Life Sciences InForm product, specifically versions 7.0.1.0 and 7.0.1.1, within the application server component. It allows an unauthenticated attacker with network access over HTTP to compromise the system by gaining unauthorized ability to update, insert, or delete some accessible data, as well as read unauthorized subsets of data. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, with low confidentiality and integrity impacts and no availability impact. The vulnerability is considered easily exploitable. Oracle’s April 2026 Critical Patch Update advisory references multiple patches across products but does not explicitly confirm a patch for this vulnerability in the provided text. Customers are advised to apply Critical Patch Updates promptly to address known vulnerabilities.

Successful exploitation can lead to unauthorized read access to some data and unauthorized modification (update, insert, delete) of some accessible data within Oracle Life Sciences InForm. This compromises confidentiality and integrity of the affected data but does not impact system availability. The vulnerability requires only network access via HTTP and no authentication, increasing risk if the system is exposed to untrusted networks. No known active exploitation has been reported.

Oracle’s April 2026 Critical Patch Update advisory recommends applying the latest patches promptly. Although the advisory does not explicitly confirm a patch for CVE-2026-34324, it strongly encourages customers to remain on actively supported versions and apply Critical Patch Updates without delay to mitigate this and other vulnerabilities. Patch status for this specific vulnerability is not explicitly confirmed in the advisory; therefore, users should consult the vendor advisory directly for the most current remediation information. No vendor statement indicates that no action is required or that the vulnerability is already mitigated.