CVE-2026-34296

MEDIUM

4.3

Descricao

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Detalhes CVE

Pontuacao CVSS v3.14.3

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado4/21/2026

Ultima modificacao4/22/2026

Fontenvd

Avistamentos honeypot0

Fraquezas (CWE)

CWE-200

Referencias

https://www.oracle.com/security-alerts/cpuapr2026.html(secalert_us@oracle.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.