Vulnerability in Oracle Identity Manager Connector Affects Oracle Fusion Middleware
CVE-2026-34294

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Identity Manager Connector
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34294?

A vulnerability exists in the Oracle Identity Manager Connector within Oracle Fusion Middleware, specifically affecting version 12.2.1.4.0. This issue allows attackers with low-level privileges and network access via LDAP to exploit the system. Successful exploitation could enable these attackers to create, modify, or delete critical data within the Oracle Identity Manager Connector, jeopardizing the confidentiality and integrity of sensitive information. Furthermore, unauthorized reading of certain accessible data may also occur, leading to potential data breaches and significant risks for organizations relying on this connector.

Affected Version(s)

Oracle Identity Manager Connector 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34294 Data

JSON