Unauthenticated Access Vulnerability in Oracle Identity Manager Connector by Oracle
CVE-2026-34289

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Identity Manager Connector
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34289?

The Oracle Identity Manager Connector within Oracle Fusion Middleware contains a vulnerability that can be exploited by an unauthenticated attacker with network access over HTTPS. This vulnerability allows the attacker to gain unauthorized access to sensitive data and could potentially enable complete control of all data accessible through the Oracle Identity Manager Connector. Organizations using Oracle Identity Manager should take immediate action to address this security risk to safeguard their critical data.

Affected Version(s)

Oracle Identity Manager Connector 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34289 Data

JSON