{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34320", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "state": "PUBLISHED", "assignerShortName": "oracle", "dateReserved": "2026-03-26T19:48:45.682Z", "datePublished": "2026-04-21T20:35:40.756Z", "dateUpdated": "2026-04-21T20:35:40.756Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2026-04-21T20:35:40.756Z"}, "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Customer Screening. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Customer Screening accessible data."}]}], "affected": [{"vendor": "Oracle Corporation", "product": "Oracle Financial Services Customer Screening", "versions": [{"version": "8.1.2.8.0", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_customer_screening:8.1.2.8.0:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en-US", "value": "Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Customer Screening. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Customer Screening accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "name": "Oracle Advisory", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Customer Screening. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Customer Screening accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}], "id": "CVE-2026-34320", "lastModified": "2026-04-21T21:16:37.643", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert_us@oracle.com", "type": "Primary"}]}, "published": "2026-04-21T21:16:37.643", "references": [{"source": "secalert_us@oracle.com", "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Received"}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T02:18:44.034290+00:00", "value": {"mitigation_remediation": ["Apply the latest Oracle patch or upgrade to a non\u2011affected version of Oracle Financial Services Customer Screening", "Configure network firewalls to block HTTP traffic to the vulnerable interfaces unless absolutely necessary", "Restrict access to the User Interface by enforcing strong authentication and role\u2011based access controls"], "summary": {"action": "Immediate Patch", "impact": "Confidential data exposure due to unauthenticated network access"}, "threat_synthesis": {"affected_systems": "Oracle Financial Services Customer Screening, version 8.1.2.8.0, within Oracle Financial Services Applications. The vulnerability is present in the User Interface component and applies to the specific CPE string relating to this product version.", "description_and_impact": "Oracle Financial Services Customer Screening is vulnerable to unauthenticated exploitation over HTTP, enabling disclosure of all accessible critical data. The weakness allows an attacker to bypass authentication controls, resulting in high confidentiality impact without requiring prior access or user interaction. This flaw is identified by the CVSS score of 7.5, which reflects the significant risk of data exposure for affected deployments.", "risk_and_exploitability": "The attacker must only be able to connect to the product over the network using HTTP. No authentication or special privileges are required, and no user interaction is necessary. Because the exploit is easily triggered and the CVSS Base score indicates a high confidentiality impact, the risk to organizations is substantial. There is no EPSS score yet, and the vulnerability is not listed in CISA\u2019s KEV catalog, but the high CVSS score warrants cautious mitigation. In the absence of additional mitigation steps from Oracle, applying the vendor\u2019s patch or upgrading to a non\u2011affected version remains the most effective defense."}}}}, "created": "2026-04-22T02:30:05.612657+00:00", "title": "Unauthenticated Network Access Allows Confidential Data Disclosure in Oracle Financial Services Customer Screening 8.1.2.8.0", "updated": "2026-04-22T02:30:05.612667+00:00", "vendors": [], "weaknesses": ["CWE-284", "CWE-287"]}