Unauthenticated Data Compromise in Oracle Identity Manager Connector by Oracle
CVE-2026-34287

9.1CRITICAL

Key Information:

Vendor: Oracle
Status: Oracle Identity Manager Connector
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34287?

An unauthenticated remote access vulnerability exists in the Oracle Identity Manager Connector component of Oracle Fusion Middleware. This flaw permits an unauthorized attacker with HTTPS access to compromise the Oracle Identity Manager Connector. If successfully exploited, this vulnerability may lead to unauthorized creation, deletion, or modification of data, allowing the attacker to gain extensive access to sensitive information within the system. It is essential for organizations using the affected version to apply necessary patches and security measures to protect their environments.

Affected Version(s)

Oracle Identity Manager Connector 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34287 Data

JSON