Description
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager Connector. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Published: 2026-04-21
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: Remote Denial of Service
Action: Patch Immediately
AI Analysis

Impact

A vulnerability in Oracle Identity Manager Connector lets an unauthenticated attacker send crafted TCP requests that cause the application to hang or crash, leading to a complete denial of service for systems that rely on the connector. The flaw is exposed through the Connector’s core service, requires no authentication, and results solely in an availability loss without affecting confidentiality or integrity.

Affected Systems

Only version 12.2.1.4.0 of Oracle Identity Manager Connector is affected. The vendor explicitly lists this supported version as vulnerable; no other versions are noted.

Risk and Exploitability

The CVSS 3.1 base score of 7.5 indicates a high severity availability issue. Although EPSS data is not available, the problem is easily exploitable with simple TCP connectivity to the vulnerable port, and it currently is not catalogued in CISA KEV. The lack of authentication requirements and the straightforward trigger give attackers a large attack window, making this a high‑priority risk that could result in repeated service disruptions.

Generated by OpenCVE AI on April 22, 2026 at 02:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle CPU Apr 2026 patch that fixes the Denial‑of‑Service flaw in Identity Manager Connector.
  • If a patch cannot be applied immediately, block or restrict external TCP access to the Connector’s port using firewalls or network segmentation to limit untrusted traffic.
  • Enable application and system monitoring to detect repeated crashes, and configure automated restarts or alerts to maintain availability.


Advisories

No advisories yet.

History

Wed, 22 Apr 2026 03:00:00 +0000

Type | Values Removed | Values Added
Title | | Unauthenticated Remote Denial of Service via TCP in Oracle Identity Manager Connector
Weaknesses | | CWE-400, CWE-666

Wed, 22 Apr 2026 00:00:00 +0000

Type | Values Removed | Values Added
Description | | Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager Connector. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
First Time appeared | | Oracle; Oracle Identity Manager Connector
CPEs | | cpe:2.3:a:oracle:identity_manager_connector:12.2.1.4.0:*:*:*:*:*:*:*
Vendors & Products | | Oracle; Oracle Identity Manager Connector
References | |
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:35:25.633Z

Reserved: 2026-03-26T19:48:45.677Z

Link: CVE-2026-34290

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-21T21:16:33.820

Modified: 2026-04-21T21:16:33.820

Link: CVE-2026-34290

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T02:45:05Z

Weaknesses