VDB
CVE-2026-34289
CVE-2026-34289
PUBLISHED
CVSS 5.900000095367432 MEDIUM
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
EPSS 0.05% · 17.3th percentile
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.05%
17.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | identity_manager_connector | |
| Oracle Corporation | Oracle Identity Manager Connector | 12.2.1.4.0 |
Timeline
- Apr 21, 2026 CVE Published
- Apr 22, 2026 Security Advisory
- Apr 22, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
References
- Oracle Advisory vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-34289 advisory