Description
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
Published: 2026-04-21
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality and Integrity compromise via unauthorized data access/modification
Action: Patch Now
AI Analysis

Impact

The Oracle Identity Manager Connector 12.2.1.4.0 contains an easily exploitable flaw that permits an unauthenticated attacker with network access via HTTPS to create, delete, or modify data accessible through the connector. This grants the attacker full read access to critical data or the ability to alter any information stored or processed by the connector. The vulnerability carries high confidentiality and integrity impacts as identified in the CVSS 3.1 base score of 9.1, with no availability impact noted.

Affected Systems

Affected systems are Oracle Identity Manager Connector versions 12.2.1.4.0 within Oracle Fusion Middleware. The product is distributed by Oracle Corporation. No other versions are reported in the vendor's advisory for this specific CVE.

Risk and Exploitability

Given the CVSS vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, the vulnerability can be exploited over the public Internet without authentication or user interaction. The lack of an EPSS score indicates that the exploitation probability is not quantified, but the severity remains high. The vulnerability is not listed in CISA's KEV catalog, so there is no publicly known exploitation at the time of reporting.

Generated by OpenCVE AI on April 22, 2026 at 05:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Oracle's security advisories for an updated patch or fix and apply it immediately
  • If a patch is not yet available, restrict HTTPS access to the Oracle Identity Manager Connector by limiting inbound traffic to trusted IP ranges or by moving the connector behind a strict application firewall
  • Conduct regular security testing, monitor audit logs, and enforce strict access controls to detect and prevent unauthorized activities

Generated by OpenCVE AI on April 22, 2026 at 05:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-306
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 05:30:00 +0000

Type Values Removed Values Added
Title Unauthenticated HTTPS Vulnerability Enabling Data Modification in Oracle Identity Manager Connector
Weaknesses CWE-284

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
First Time appeared Oracle
Oracle identity Manager Connector
CPEs cpe:2.3:a:oracle:identity_manager_connector:12.2.1.4.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle identity Manager Connector
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

Subscriptions

Oracle Identity Manager Connector
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-22T14:19:47.716Z

Reserved: 2026-03-26T19:48:45.676Z

Link: CVE-2026-34285

cve-icon Vulnrichment

Updated: 2026-04-22T14:19:44.222Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-21T21:16:33.130

Modified: 2026-04-22T21:24:26.997

Link: CVE-2026-34285

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T05:15:06Z

Weaknesses