Description
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager Connector. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Published: 2026-04-21
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Denial of Service
Action: Patch Immediately
AI Analysis

Impact

A flaw in Oracle Identity Manager Connector allows an unauthenticated attacker to send crafted TCP packets that trigger the core service to hang or crash. The result is a complete denial of service for systems using the connector. Confidentiality and integrity are not affected; the impact is solely on availability.

Affected Systems

Oracle Identity Manager Connector version 12.2.1.4.0 is the only version noted as vulnerable. No other supported releases are listed as affected.

Risk and Exploitability

The CVSS 3.1 base score of 7.5 reflects a high-severity availability issue. The EPSS score is below 1%, indicating a low estimated likelihood of exploitation at present, but the vulnerability is easily exploitable: it needs only TCP connectivity to the exposed port and no authentication. It is not listed in the CISA KEV catalog, yet the lack of authentication and the straightforward trigger leave a large attack window, making it a high-priority risk for environments that rely on the connector.

Generated by OpenCVE AI on April 28, 2026 at 16:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle CPU April 2026 patch that addresses the denial‑of‑service flaw in the Identity Manager Connector.
  • If a patch cannot be applied immediately, use a firewall or network segmentation to block or restrict external TCP access to the connector’s listening port, limiting untrusted traffic.
  • Enable application and system monitoring to detect repeated crashes, and configure automated restarts or alerts to maintain service availability.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Title Denial of Service via Unauthenticated TCP in Oracle Identity Manager Connector
Weaknesses CWE-120
CWE-20

Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Unauthenticated TCP in Oracle Identity Manager Connector
Weaknesses CWE-120
CWE-20

Wed, 22 Apr 2026 07:00:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Denial of Service via TCP in Oracle Identity Manager Connector
Weaknesses CWE-400
CWE-666

Wed, 22 Apr 2026 03:00:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Denial of Service via TCP in Oracle Identity Manager Connector
Weaknesses CWE-400
CWE-666

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager Connector. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
First Time appeared Oracle
Oracle Identity Manager Connector
CPEs cpe:2.3:a:oracle:identity_manager_connector:12.2.1.4.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle Identity Manager Connector
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-22T13:48:34.810Z

Reserved: 2026-03-26T19:48:45.677Z

Link: CVE-2026-34290

Vulnrichment

Updated: 2026-04-22T13:48:25.248Z

NVD

Status: Analyzed

Published: 2026-04-21T21:16:33.820

Modified: 2026-04-23T12:06:19.870

Link: CVE-2026-34290

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T16:15:20Z
