CVE-2026-34283: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Identity Manager accessible data as well as unauthorized read access to a subset of Oracle Identity Manager accessible data. in Oracle Corporation Oracle Identity Manager
CVE-2026-34283 is a medium severity vulnerability in Oracle Identity Manager versions 12. 2. 1. 4. 0 and 14. 1. 2. 0. 0. It allows an unauthenticated attacker with network access via HTTP to potentially compromise the product.
AI Analysis
Technical Summary
This vulnerability affects Oracle Identity Manager components in Oracle Fusion Middleware, specifically versions 12.2.1.4.0 and 14.1.2.0.0. It is exploitable remotely over HTTP without authentication but requires user interaction from a third party. The vulnerability allows attackers to perform unauthorized read and modification operations on some data within Oracle Identity Manager, with a scope change potentially affecting other Oracle products. The CVSS vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, low confidentiality and integrity impact, and no availability impact. Oracle's April 2026 Critical Patch Update includes patches addressing this vulnerability, and customers should apply these patches to mitigate the risk.
Potential Impact
Successful exploitation can lead to unauthorized read access and unauthorized update, insert, or delete operations on some data accessible by Oracle Identity Manager. The vulnerability's scope change means that additional Oracle products integrated or dependent on Oracle Identity Manager may also be impacted. There is no reported impact on system availability. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Oracle has released security patches for this vulnerability as part of the April 2026 Critical Patch Update for Fusion Middleware products. Customers are strongly advised to apply these patches without delay to address this vulnerability and related issues. No alternative mitigations or workarounds are specified in the vendor advisory. Patch status is confirmed as available via the official Oracle advisory at https://www.oracle.com/security-alerts/cpuapr2026.html.
CVE-2026-34283: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Identity Manager accessible data as well as unauthorized read access to a subset of Oracle Identity Manager accessible data. in Oracle Corporation Oracle Identity Manager
Description
CVE-2026-34283 is a medium severity vulnerability in Oracle Identity Manager versions 12. 2. 1. 4. 0 and 14. 1. 2. 0. 0. It allows an unauthenticated attacker with network access via HTTP to potentially compromise the product.
CVSS v3.1
Score 6.1medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects Oracle Identity Manager components in Oracle Fusion Middleware, specifically versions 12.2.1.4.0 and 14.1.2.0.0. It is exploitable remotely over HTTP without authentication but requires user interaction from a third party. The vulnerability allows attackers to perform unauthorized read and modification operations on some data within Oracle Identity Manager, with a scope change potentially affecting other Oracle products. The CVSS vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, low confidentiality and integrity impact, and no availability impact. Oracle's April 2026 Critical Patch Update includes patches addressing this vulnerability, and customers should apply these patches to mitigate the risk.
Potential Impact
Successful exploitation can lead to unauthorized read access and unauthorized update, insert, or delete operations on some data accessible by Oracle Identity Manager. The vulnerability's scope change means that additional Oracle products integrated or dependent on Oracle Identity Manager may also be impacted. There is no reported impact on system availability. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Oracle has released security patches for this vulnerability as part of the April 2026 Critical Patch Update for Fusion Middleware products. Customers are strongly advised to apply these patches without delay to address this vulnerability and related issues. No alternative mitigations or workarounds are specified in the vendor advisory. Patch status is confirmed as available via the official Oracle advisory at https://www.oracle.com/security-alerts/cpuapr2026.html.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-03-26T19:48:45.676Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","vendor":"Oracle"}]
Threat ID: 69e7e5a419fe3cd2cdf9f882
Added to database: 4/21/2026, 9:01:24 PM
Last enriched: 4/29/2026, 11:18:04 AM
Last updated: 6/5/2026, 2:41:52 PM
Views: 34
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.