CVE-2026-34289: Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. in Oracle Corporation Oracle Identity Manager Connector
CVE-2026-34289 is a vulnerability in Oracle Identity Manager Connector version 12. 2. 1. 4. 0 that allows an unauthenticated attacker with network access via HTTPS to potentially gain unauthorized access to critical or all accessible data within the connector. The vulnerability is rated medium severity with a CVSS 3. 1 base score of 5. 9, indicating a confidentiality impact without integrity or availability effects. The vulnerability is considered difficult to exploit. Oracle has included this vulnerability in its April 2026 Critical Patch Update advisory, recommending customers apply the update promptly.
AI Analysis
Technical Summary
This vulnerability affects Oracle Identity Manager Connector 12.2.1.4.0, part of Oracle Fusion Middleware. It allows an unauthenticated network attacker over HTTPS to compromise the connector, resulting in unauthorized access to critical or all accessible data. The CVSS vector indicates network attack vector, high attack complexity, no privileges required, no user interaction, and a high confidentiality impact. The vulnerability is associated with CWE-306 (Missing Authentication for Critical Function). Oracle has addressed this issue in its April 2026 Critical Patch Update, which includes multiple security patches for Fusion Middleware products.
Potential Impact
Successful exploitation can lead to unauthorized access to critical data or complete access to all data accessible by the Oracle Identity Manager Connector. There is no impact on integrity or availability reported. The vulnerability requires network access via HTTPS and is difficult to exploit. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Oracle strongly recommends applying the April 2026 Critical Patch Update for Fusion Middleware products, which includes patches addressing this vulnerability. Customers should remain on actively supported versions and apply the Critical Patch Update without delay. Patch status is confirmed by the vendor advisory indicating that a fix is available in the April 2026 CPU. No alternative mitigations or 'no action required' statements are provided by Oracle.
CVE-2026-34289: Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. in Oracle Corporation Oracle Identity Manager Connector
Description
CVE-2026-34289 is a vulnerability in Oracle Identity Manager Connector version 12. 2. 1. 4. 0 that allows an unauthenticated attacker with network access via HTTPS to potentially gain unauthorized access to critical or all accessible data within the connector. The vulnerability is rated medium severity with a CVSS 3. 1 base score of 5. 9, indicating a confidentiality impact without integrity or availability effects. The vulnerability is considered difficult to exploit. Oracle has included this vulnerability in its April 2026 Critical Patch Update advisory, recommending customers apply the update promptly.
CVSS v3.1
Score 5.9medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects Oracle Identity Manager Connector 12.2.1.4.0, part of Oracle Fusion Middleware. It allows an unauthenticated network attacker over HTTPS to compromise the connector, resulting in unauthorized access to critical or all accessible data. The CVSS vector indicates network attack vector, high attack complexity, no privileges required, no user interaction, and a high confidentiality impact. The vulnerability is associated with CWE-306 (Missing Authentication for Critical Function). Oracle has addressed this issue in its April 2026 Critical Patch Update, which includes multiple security patches for Fusion Middleware products.
Potential Impact
Successful exploitation can lead to unauthorized access to critical data or complete access to all data accessible by the Oracle Identity Manager Connector. There is no impact on integrity or availability reported. The vulnerability requires network access via HTTPS and is difficult to exploit. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Oracle strongly recommends applying the April 2026 Critical Patch Update for Fusion Middleware products, which includes patches addressing this vulnerability. Customers should remain on actively supported versions and apply the Critical Patch Update without delay. Patch status is confirmed by the vendor advisory indicating that a fix is available in the April 2026 CPU. No alternative mitigations or 'no action required' statements are provided by Oracle.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-03-26T19:48:45.676Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","vendor":"Oracle"}]
Threat ID: 69e7e5a419fe3cd2cdf9f894
Added to database: 4/21/2026, 9:01:24 PM
Last enriched: 4/29/2026, 11:35:06 AM
Last updated: 6/5/2026, 2:24:22 PM
Views: 52
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.