This vulnerability affects the User Interface component of Oracle Financial Services Analytical Applications Infrastructure in specified versions. It is exploitable by an attacker with low privileges who has logon access to the infrastructure. Exploitation requires user interaction from a third party. The impact includes high confidentiality loss, limited integrity loss, and high availability impact, as reflected in the CVSS vector (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H). The vulnerability is categorized under CWE-284 (Improper Access Control). The vendor advisory references a Critical Patch Update containing numerous patches but does not explicitly confirm a patch for this specific CVE. Patch status is therefore not confirmed.

Successful exploitation can result in unauthorized access to critical or all accessible data within the Oracle Financial Services Analytical Applications Infrastructure. It also allows unauthorized update, insert, or delete operations on some data and can cause denial of service through application hangs or crashes. The vulnerability impacts confidentiality severely, integrity to a lesser extent, and availability significantly.

Patch status is not yet confirmed — check the Oracle Critical Patch Update advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for current remediation guidance. Oracle strongly recommends applying Critical Patch Updates promptly to mitigate vulnerabilities. Until a patch is confirmed and applied, limit logon access to trusted users and educate users to avoid interacting with untrusted content that could trigger exploitation. Monitor Oracle advisories for updates on patch availability for this vulnerability.