Unauthenticated Access Vulnerability in Oracle Identity Manager by Oracle
CVE-2026-34283

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Identity Manager
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34283?

A vulnerability in Oracle Identity Manager within Oracle Fusion Middleware allows unauthenticated attackers with network access via HTTP to potentially compromise the system. The vulnerability requires human interaction from a third party, which could lead to unauthorized modifications to accessible data. This could include unauthorized updates, inserts, or deletions, as well as unauthorized read access to certain data subsets within Oracle Identity Manager. The risk of such attacks could extend beyond Identity Manager due to the interconnected nature of the affected components.

Affected Version(s)

Oracle Identity Manager 12.2.1.4.0

Oracle Identity Manager 14.1.2.0.0

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34283 Data

JSON