Vulnerability in Oracle Fusion Middleware's Identity Manager Component
CVE-2026-35268

9.9CRITICAL

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-35268?

A vulnerability exists within the Identity Manager component of Oracle Fusion Middleware which can be easily exploited by low-privileged attackers with network access via T3 and IIOP protocols. Although the primary focus is on Identity Manager, successful exploitation might have far-reaching consequences impacting other interconnected products, effectively altering the intended scope of the attack. Successful exploitation could lead to a complete takeover of the Identity Manager, compromising confidentiality, integrity, and availability.

Affected Version(s)

Identity Manager 12.2.1.4.0

Identity Manager 14.1.2.1.0

References

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.