Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
REST endpoint is network-reachable (AV:N) with low complexity; any provisioned IdM user suffices (PR:L); no interaction; takeover yields full CIA impact within IdM (S:U).
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
AnalysisAI
Account takeover in Oracle Identity Manager (Fusion Middleware) versions 12.2.1.4.0 and 14.1.2.1.0 allows a low-privileged remote attacker to fully compromise the Identity Manager instance via its REST WebServices component over HTTP. Oracle rates the flaw CVSS 8.8 with high impact to confidentiality, integrity, and availability, and no public exploit identified at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires network reachability to the Oracle Identity Manager REST WebServices interface over HTTP, plus possession of any low-privileged authenticated IdM account (PR:L) - typically a standard provisioned end-user, not an administrator. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) describes a network-reachable, low-complexity flaw requiring only a low-privileged account and no user interaction, yielding full CIA compromise - a strong real-world risk profile, especially because any legitimate IdM end-user is sufficient. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained or registered any low-privileged Identity Manager account (e.g., a standard end-user provisioned for self-service password reset) authenticates to the REST WebServices endpoint over HTTP/HTTPS and issues crafted requests that escalate to full administrative control over the Identity Manager instance. From that foothold the attacker can create privileged accounts, reset credentials, or push entitlements into downstream connected systems (AD, databases, SaaS), effectively pivoting from one low-privileged identity into broad enterprise access. … |
| Remediation | Apply the Oracle Critical Patch Update of June 2026 for Fusion Middleware / Identity Manager as documented at https://www.oracle.com/security-alerts/cspujun2026.html - patch available per vendor advisory; exact patched release identifier not enumerated in the provided data, so administrators should pull the IdM bundle patch referenced for 12.2.1.4.0 and 14.1.2.1.0 from My Oracle Support. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24-hour actions: Inventory all systems running Oracle Identity Manager 12.2.1.4.0 or 14.1.2.1.0, documenting network location, criticality, and downstream application dependencies. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Identity Manager
View allVMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side templa
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. Rat
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due t
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability aff
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability aff
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Rated cr
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Rate
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) becaus
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). Rated c
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37398