Description
Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Database User). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager Connector. While the vulnerability is in Identity Manager Connector, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Identity Manager Connector. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in the Database User component of Oracle’s Identity Manager Connector. A low‑privileged attacker with network access through HTTP can exploit this flaw, gaining full control of the connector. The compromise leads to complete confidentiality, integrity and availability loss for the managed instance, effectively taking over the Identity Manager Connector.

Affected Systems

Affected versions are Oracle Identity Manager Connector 12.2.1.4.0 and 14.1.2.1.0. The vulnerability may also allow attackers to impact other products that share the same connector component, due to a scope change. The description explicitly notes that attacks may propagate beyond the immediate product.

Risk and Exploitability

The CVSS 3.1 base score of 9.9 marks it as critical. The EPSS score is below 1 % yet the severity suggests high risk; however, the lack of a KEV listing means no public exploits have been identified yet. The attack vector is remote over HTTP, and any user with low privileges can initiate it. Exploitation requires no special credentials beyond access to the connector’s HTTP API.

Generated by OpenCVE AI on June 17, 2026 at 19:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the vendor‑released patch for Oracle Identity Manager Connector versions 12.2.1.4.0 and 14.1.2.1.0.
  • Restrict incoming HTTP traffic to the connector to trusted networks and enforce strong authentication.
  • Disable or restrict any unused administrative interfaces exposed over HTTP.
  • Apply system hardening and change default credentials for the database user that the connector uses.

Generated by OpenCVE AI on June 17, 2026 at 19:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Database User). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager Connector. While the vulnerability is in Identity Manager Connector, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Identity Manager Connector. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
First Time appeared Oracle
Oracle identity Manager Connector
CPEs cpe:2.3:a:oracle:identity_manager_connector:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_manager_connector:14.1.2.1.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle identity Manager Connector
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Oracle Identity Manager Connector
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:58:21.107Z

Reserved: 2026-05-18T15:55:10.298Z

Link: CVE-2026-46793

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T23:45:14Z

Weaknesses

No weakness.