Oracle App Framework 12.2.9-12.2.15: High-priv HTTP R/W/partial DOS
CVE-2026-34298 Published on April 21, 2026
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications Framework. CVSS 3.1 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).
Vulnerability Analysis
CVE-2026-34298 is exploitable with network access and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low: it is considered to have a small impact on confidentiality, integrity and availability.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2026-34298 has been classified as an Authorization vulnerability or weakness.
Products Associated with CVE-2026-34298
Affected Versions
Oracle Corporation Oracle Applications Framework: versions from 12.2.9 up to and including 12.2.15 are affected.