Threat Intelligence Database

CVE-2026-46810 is a medium severity vulnerability in Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0. It allows an unauthenticated attacker with network access via IIOP to perform unauthorized read, insert, update, or delete operations on some accessible data. The vulnerability has a CVSS 3.1 base score of 6.5, reflecting impacts on confidentiality and integrity but no impact on availability. Oracle has acknowledged the vulnerability in their June 2026 Critical Security Patch Update advisory and strongly recommends applying the provided patches promptly to mitigate the risk. Workarounds such as blocking network protocols or removing unnecessary privileges may reduce risk temporarily but could impact functionality.

CVE-2026-46807 is a critical vulnerability in Oracle Identity Manager affecting versions 12.2.1.4.0 and 14.1.2.1.0. It allows an unauthenticated attacker with network access via T3 or IIOP protocols to fully compromise the Identity Manager. The vulnerability has a CVSS 3.1 base score of 9.8, indicating high impact on confidentiality, integrity, and availability. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update. Customers are strongly advised to apply the provided security patches promptly to mitigate the risk of takeover. Until patches are applied, risk reduction may be possible by blocking required network protocols or restricting privileges, though these measures may impact functionality.

CVE-2026-35269 is a high-severity vulnerability in Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0. It allows an unauthenticated attacker with network access via HTTP to compromise the product. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical or all accessible data within Identity Manager. The vulnerability has a CVSS 3.1 base score of 7.5, indicating a significant integrity impact without confidentiality or availability loss. Oracle has released a Critical Security Patch Update in June 2026 addressing this and other vulnerabilities. Customers are strongly advised to apply the provided patches promptly to mitigate the risk. Until patched, risk reduction may be possible by blocking network protocols required for exploitation or limiting privileges, though these may impact functionality.

CVE-2026-35268 is a critical vulnerability in Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0. It allows a low privileged attacker with network access via T3 or IIOP protocols to compromise the Identity Manager. Successful exploitation can lead to full takeover of the Identity Manager and may impact additional Oracle products. The vulnerability has a CVSS 3.1 base score of 9.9, indicating high confidentiality, integrity, and availability impacts. Oracle has released a Critical Security Patch Update in June 2026 addressing this and other vulnerabilities. Customers are strongly advised to apply the patches promptly to mitigate the risk. Until patches are applied, risk reduction may be possible by blocking required network protocols or limiting privileges, though these may affect functionality.

CVE-2026-35267 is a high-severity vulnerability in Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0 affecting the REST WebServices component. It allows a low privileged attacker with network access via HTTP to compromise the system, potentially leading to full takeover of Identity Manager. The vulnerability has a CVSS 3.1 base score of 8.8, indicating high impact on confidentiality, integrity, and availability. Oracle has included fixes for this vulnerability in its June 2026 Critical Security Patch Update and strongly recommends applying these patches promptly. Until patched, risk reduction may be possible by blocking required network protocols or removing unnecessary privileges, though these mitigations may impact functionality.

CVE-2026-35265 is a high-severity vulnerability in Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0. It allows a low privileged attacker with network access via HTTP to compromise the Identity Manager, potentially resulting in full takeover. The vulnerability impacts confidentiality, integrity, and availability with a CVSS 3.1 base score of 8.8. Oracle has included fixes for this vulnerability in its June 2026 Critical Security Patch Update. Customers are strongly advised to apply these patches promptly to mitigate the risk.