Impact
The vulnerability exists in Oracle Fusion Middleware Identity Manager. An attacker who owns a low‑privileged account and can reach the application over HTTP can exploit the flaw to compromise the entire Identity Manager installation, resulting in loss of confidentiality, integrity and availability of the system’s data and services.
Affected Systems
Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0 are affected. These releases are part of Oracle Fusion Middleware and are commonly deployed for role‑based access control and identity governance.
Risk and Exploitability
The flaw has a CVSS v3.1 score of 8.8 and an EPSS score of less than 1 %, indicating a very low but non‑zero probability of exploitation in practice. It is not listed in the CISA KEV catalog, but its high severity and network‑based attack surface make it a strong candidate for prioritised remediation. The likely attack vector is network‑based HTTP traffic, requiring only a low‑privileged account; the attack could be automated and does not require local code execution.
OpenCVE Enrichment