SB20260422162 - Improper input validation in Oracle Agile Product Lifecycle Management for Process
Published: April 22, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper input validation (CVE-ID: CVE-2026-34296)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Product Quality Management component in Oracle Agile Product Lifecycle Management for Process. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.
Remediation
Install update from vendor's website.