Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Remote unauthenticated HTTP exploitation per Oracle (AV:N/AC:L/PR:N/UI:N); integrity-only impact on identity data with no confidentiality or availability loss described.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Identity Manager accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
AnalysisAI
Unauthorized data modification in Oracle Identity Manager (Fusion Middleware) versions 12.2.1.4.0 and 14.1.2.1.0 allows a remote unauthenticated attacker to create, delete, or modify critical identity data via the REST WebServices component over HTTP. Oracle rates the issue as easily exploitable with a CVSS 3.1 base score of 7.5 (integrity-only impact), and no public exploit has been identified at time of analysis.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The OIM managed server's REST WebServices endpoints must be reachable over HTTP from the attacker's network position - typically the WebLogic-hosted /iam/governance/* or equivalent REST URIs on the OIM admin/managed server port. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N is a near-worst-case integrity profile: remote, unauthenticated, low complexity, no user interaction, with high integrity impact and no confidentiality or availability loss - meaning an attacker can tamper with identity data but not necessarily read it or crash the service. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker on the network reaches the OIM REST WebServices HTTP endpoint and issues a crafted unauthenticated request that the server processes as if it came from a privileged caller, creating a new administrative account or modifying an existing user's role assignments. Because OIM provisions identities to downstream Oracle and third-party systems, the attacker's injected account propagates outward, yielding access to applications well beyond OIM itself. … |
| Remediation | Apply the patches included in the Oracle Critical Patch Update of June 2026 as documented at https://www.oracle.com/security-alerts/cspujun2026.html - this is the authoritative fix for both 12.2.1.4.0 and 14.1.2.1.0. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all systems running Oracle Identity Manager 12.2.1.4.0 or 14.1.2.1.0 and assess network exposure of the REST WebServices component. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Identity Manager
View allVMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side templa
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. Rat
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due t
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability aff
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability aff
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Rated cr
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Rate
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) becaus
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). Rated c
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37400