Vulnerability in Oracle Fusion Middleware's Identity Manager Component
CVE-2026-35268
9.9CRITICAL
What is CVE-2026-35268?
A vulnerability exists within the Identity Manager component of Oracle Fusion Middleware which can be easily exploited by low-privileged attackers with network access via T3 and IIOP protocols. Although the primary focus is on Identity Manager, successful exploitation might have far-reaching consequences impacting other interconnected products, effectively altering the intended scope of the attack. Successful exploitation could lead to a complete takeover of the Identity Manager, compromising confidentiality, integrity, and availability.
Affected Version(s)
Identity Manager 12.2.1.4.0
Identity Manager 14.1.2.1.0