Unauthenticated Vulnerability in Oracle Fusion Middleware's Identity Manager
CVE-2026-46810

6.5MEDIUM

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-46810?

A vulnerability exists in Oracle Fusion Middleware's Identity Manager component, enabling unauthenticated attackers with network access via IIOP to gain unauthorized access. This flaw can allow attackers to perform unauthorized updates, inserts, and deletions of data, as well as read sensitive information. Affected versions include 12.2.1.4.0 and 14.1.2.1.0, making it critical for users to assess and mitigate their exposure to potential attacks.

Affected Version(s)

Identity Manager 12.2.1.4.0

Identity Manager 14.1.2.1.0

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.