Description
Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Generic Unix Connector). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via SSH to compromise Identity Manager Connector. While the vulnerability is in Identity Manager Connector, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Identity Manager Connector. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Oracle Identity Manager Connector (Generic Unix Connector component) contains an easily exploitable flaw that allows a low-privileged attacker with network access via SSH to fully compromise the connector. Successful exploitation results in loss of confidentiality, integrity, and availability of the component, effectively giving the attacker takeover of the Identity Manager Connector. Because the CVSS scope is Changed (S:C), attacks may also significantly impact additional products beyond the connector itself.

Affected Systems

Oracle Identity Manager Connector (Oracle Fusion Middleware, component: Generic Unix Connector), supported versions 12.2.1.4.0 and 14.1.2.1.0.

Risk and Exploitability

The CVSS 3.1 Base Score is 9.9 (Critical). The EPSS score is below 1%, indicating a low current probability of exploitation, and the vulnerability is not listed in CISA’s KEV catalog. Nevertheless, the attack vector is network-based via SSH, attack complexity is low, and only low-privilege access is required, which makes the flaw attractive to adversaries. If it is exploited, the attacker gains full control of the connector and, because of the scope change, may affect other components in the same environment.

Generated by OpenCVE AI on June 17, 2026 at 19:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch or upgrade to a fixed version of Identity Manager Connector as released by Oracle
  • Restrict SSH access to the Identity Manager Connector to privileged administrators only, and consider disabling SSH if it is not required
  • Monitor SSH logs for unauthorized or repeated low‑privilege connection attempts and conduct regular vulnerability scanning for connector exposures

Generated by OpenCVE AI on June 17, 2026 at 19:17 UTC.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Generic Unix Connector). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via SSH to compromise Identity Manager Connector. While the vulnerability is in Identity Manager Connector, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Identity Manager Connector. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). |
| First Time appeared | | Oracle; Oracle Identity Manager Connector |
| CPEs | | cpe:2.3:a:oracle:identity_manager_connector:12.2.1.4.0:\*:\*:\*:\*:\*:\*:\*; cpe:2.3:a:oracle:identity_manager_connector:14.1.2.1.0:\*:\*:\*:\*:\*:\*:\* |
| Vendors & Products | | Oracle; Oracle Identity Manager Connector |
| References | | |
| Metrics | | cvssV3_1: {'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'} |

MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:59:08.747Z

Reserved: 2026-05-18T15:55:10.298Z

Link: CVE-2026-46794

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T23:45:14Z

Weaknesses

No weakness.