Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The vulnerability classified as CWE-306 (Missing Authentication for Critical Function) means that critical functions of the Platform component are accessible without any authentication. An attacker with network access to the system can send HTTP requests directly to protected resources, bypassing access control mechanisms. No credentials or user interaction are required, making the attack fully automated.
Successful exploitation of this vulnerability leads to complete takeover of the Oracle Financial Services Analytical Applications Infrastructure system, including breach of confidentiality, integrity, and availability of data. Attackers can gain unauthorized access to sensitive financial and analytical data, modify it, and cause service unavailability (DoS).
Apply patches available from the vendor in accordance with references published as part of the Oracle Critical Patch Update from October 2025: https://www.oracle.com/security-alerts/cpuoct2025.html. Until the update is applied, it is recommended to restrict network access to the Platform component exclusively to trusted hosts at the firewall level and to monitor HTTP traffic directed to the system.
Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 (component: Platform).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOracle Financial Services Analytical Applications Infrastructure
APPOracle8.0.7.9.08.0.8.7.08.1.2.5.0
Related vulnerabilities
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may ...
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might e...
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and ty...