{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34320", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "state": "PUBLISHED", "assignerShortName": "oracle", "dateReserved": "2026-03-26T19:48:45.682Z", "datePublished": "2026-04-21T20:35:40.756Z", "dateUpdated": "2026-04-22T13:08:50.544Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2026-04-21T20:35:40.756Z"}, "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Customer Screening. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Customer Screening accessible data."}]}], "affected": [{"vendor": "Oracle Corporation", "product": "Oracle Financial Services Customer Screening", "versions": [{"version": "8.1.2.8.0", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_customer_screening:8.1.2.8.0:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en-US", "value": "Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Customer Screening. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Customer Screening accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "name": "Oracle Advisory", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-285", "lang": "en", "description": "CWE-285 Improper Authorization"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T13:04:38.532599Z", "id": "CVE-2026-34320", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T13:08:50.544Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34320", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "state": "PUBLISHED", "assignerShortName": "oracle", "dateReserved": "2026-03-26T19:48:45.682Z", "datePublished": "2026-04-21T20:35:40.756Z", "dateUpdated": "2026-04-22T13:08:50.544Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2026-04-21T20:35:40.756Z"}, "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Customer Screening. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Customer Screening accessible data."}]}], "affected": [{"vendor": "Oracle Corporation", "product": "Oracle Financial Services Customer Screening", "versions": [{"version": "8.1.2.8.0", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_customer_screening:8.1.2.8.0:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en-US", "value": "Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Customer Screening. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Customer Screening accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "name": "Oracle Advisory", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34320", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T13:04:38.532599Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285 Improper Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T13:08:04.607Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Customer Screening. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Customer Screening accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}], "id": "CVE-2026-34320", "lastModified": "2026-04-22T21:24:26.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert_us@oracle.com", "type": "Secondary"}]}, "published": "2026-04-21T21:16:37.643", "references": [{"source": "secalert_us@oracle.com", "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.1.2.8.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Oracle Financial Services Customer Screening", "source": "cna", "vendor": "Oracle Corporation"}, "product": "financial_services_customer_screening", "vendor": "oracle"}], "analysis": {"en": {"generated_at": "2026-04-22T07:28:46.968761+00:00", "value": {"mitigation_remediation": ["Apply the latest Oracle patch or upgrade to a non\u2011affected version of Oracle Financial Services Customer Screening", "Configure network firewalls to block HTTP traffic to the vulnerable interfaces unless absolutely necessary", "Restrict access to the User Interface by enforcing strong authentication and role\u2011based access controls"], "summary": {"action": "Immediate Patch", "impact": "Confidential data exposure due to unauthenticated network access"}, "threat_synthesis": {"affected_systems": "Oracle Financial Services Customer Screening, version 8.1.2.8.0, within Oracle Financial Services Applications. The vulnerability is present in the User Interface component and applies to the specific CPE string relating to this product version.", "description_and_impact": "Oracle Financial Services Customer Screening is vulnerable to unauthenticated exploitation over HTTP, enabling disclosure of all accessible critical data. The weakness allows an attacker to bypass authentication controls, resulting in high confidentiality impact without requiring prior access or user interaction. This flaw is identified by the CVSS score of 7.5, which reflects the significant risk of data exposure for affected deployments.", "risk_and_exploitability": "The attacker must only be able to connect to the product over the network using HTTP. No authentication or special privileges are required, and it is inferred that no user interaction is necessary based on the CVSS vector. Because the exploit is easily triggered and the CVSS Base score indicates a high confidentiality impact, the risk to organizations is substantial. There is no EPSS score yet, and the vulnerability is not listed in CISA\u2019s KEV catalog, but the high CVSS score warrants cautious mitigation. In the absence of additional mitigation steps from Oracle, applying the vendor\u2019s patch or upgrading to a non\u2011affected version remains the most effective defense."}}}}, "created": "2026-04-22T02:30:05.612657+00:00", "title": "Unauthorized Network Access Vulnerability in Oracle Financial Services Customer Screening UI", "updated": "2026-04-22T11:45:10.684581+00:00", "vendors": ["oracle", "oracle$PRODUCT$financial_services_customer_screening"], "weaknesses": ["CWE-200", "CWE-285"]}