CVE Catalog

CVE-2026-35269

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

28th percentile — higher than 28% of all known CVEs

Summary

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) allows easy exploitation by an unauthenticated attacker with network access via HTTP. An attacker can gain unauthorized access to critical data, potentially leading to its creation, deletion, or modification.

Risk Assessment

The risk to the organization involves the potential for unauthorized access to data managed by Identity Manager, which could result in serious data integrity breaches.

Recommendation

It is recommended to update to the latest version of the software to mitigate this vulnerability and implement appropriate security measures to restrict access to the system.

Original NVD description (English source)

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Identity Manager accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS