CVE-2026-46810
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: End User Self Service) allows an unauthenticated attacker with network access via IIOP to compromise Identity Manager. Successful attacks can lead to unauthorized access to data, including updates, inserts, or deletions.
Risk Assessment
The risk to the organization includes the potential for unauthorized access to and modification of data, which may lead to breaches of confidentiality and integrity.
Recommendation
It is recommended to update to the latest version of the software to mitigate this vulnerability and implement additional security measures to restrict access to the system.
Original NVD description (English source)
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: End User Self Service). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).

