Description
Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Generic Unix Connector). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager Connector. While the vulnerability is in Identity Manager Connector, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Identity Manager Connector. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Generic Unix Connector component of Oracle Identity Manager Connector. An attacker with low privileges, located on the network or having HTTP access, can exploit the flaw to gain full control of the Connector, resulting in complete compromise of confidentiality, integrity, and availability. The impact extends beyond the Connector itself, as the vulnerability’s scope change can affect other dependent products.

Affected Systems

Oracle identity manager connector versions 12.2.1.4.0 and 14.1.2.1.0 are impacted. These specific releases allow the remote attack vector described above.

Risk and Exploitability

The CVSS v3.1 base score of 9.9 indicates a critical severity. The EPSS score of less than 1% shows very low current exploitation probability, but the flaw’s ability to propagate to other products and its remote nature make it a high‑risk issue. It is not listed in CISA’s KEV catalog, yet the attack can be carried out over HTTP without special conditions, implying that a security patch is urgently required.

Generated by OpenCVE AI on June 17, 2026 at 19:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Oracle Identity Manager Connector to the latest patched release that contains the fix for CVE-2026-46792
  • Restrict inbound HTTP traffic to the Connector by configuring firewalls or access controls to allow only trusted IP ranges
  • Implement strict authentication and authorization checks to enforce least‑privilege access for all remote interactions
  • Notify Oracle support and monitor vendor advisories for additional mitigations or updates

Generated by OpenCVE AI on June 17, 2026 at 19:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Generic Unix Connector). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager Connector. While the vulnerability is in Identity Manager Connector, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Identity Manager Connector. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
First Time appeared Oracle
Oracle identity Manager Connector
CPEs cpe:2.3:a:oracle:identity_manager_connector:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_manager_connector:14.1.2.1.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle identity Manager Connector
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Oracle Identity Manager Connector
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:57:39.303Z

Reserved: 2026-05-18T15:55:10.298Z

Link: CVE-2026-46792

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T23:45:14Z

Weaknesses

No weakness.