CVE-2026-35269
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk28th percentile — higher than 28% of all known CVEs
Summary
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) allows easy exploitation by an unauthenticated attacker with network access via HTTP. An attacker can gain unauthorized access to critical data, potentially leading to its creation, deletion, or modification.
Risk Assessment
The risk to the organization involves the potential for unauthorized access to data managed by Identity Manager, which could result in serious data integrity breaches.
Recommendation
It is recommended to update to the latest version of the software to mitigate this vulnerability and implement appropriate security measures to restrict access to the system.
Original NVD description (English source)
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Identity Manager accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

