Skip to main content

Oracle Identity Manager Connector EUVDEUVD-2026-37312

| CVE-2026-46794 CRITICAL
Improper Privilege Management (CWE-269)
2026-06-16 oracle
9.9
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
9.9 CRITICAL

SSH-reachable network vector with any low-tier credential and no user interaction; full takeover of the connector pivots into managed systems, justifying S:C and C/I/A:H.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 23:00 vuln.today

DescriptionCVE.org

Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Generic Unix Connector). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via SSH to compromise Identity Manager Connector. While the vulnerability is in Identity Manager Connector, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Identity Manager Connector. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

AnalysisAI

Privilege escalation to full takeover in Oracle Identity Manager Connector (Fusion Middleware) allows a low-privileged remote attacker with SSH network access to compromise the Generic Unix Connector and pivot into additional Fusion Middleware components via a CVSS scope change. Versions 12.2.1.4.0 and 14.1.2.1.0 are affected, with Oracle rating the issue 9.9 due to high confidentiality, integrity, and availability impact across product boundaries. No public exploit identified at time of analysis, but the AV:N/AC:L profile and SSH-reachable attack surface make this a high-priority Oracle CPU item.

Technical ContextAI

Oracle Identity Manager (OIM) Connectors are the integration adapters that let OIM provision, reconcile, and manage accounts on downstream target systems; the Generic Unix Connector specifically uses SSH to push user/account operations to Linux and Unix endpoints. Because the connector authenticates to remote systems with privileged service credentials and runs inside the Fusion Middleware/WebLogic stack, a flaw in its SSH-facing logic sits at a trust boundary between the IAM control plane and managed hosts. The CVSS scope change (S:C) indicates the vulnerable component (the connector) can affect resources beyond its own security authority - consistent with abusing the connector's stored target-system credentials or its host WebLogic context. No CWE was assigned by the reporter, so the precise weakness class (command injection, deserialization, auth bypass, etc.) is not disclosed in the Oracle advisory metadata.

RemediationAI

Apply the Oracle Critical Patch Update for June 2026 (Patch available per vendor advisory at https://www.oracle.com/security-alerts/cspujun2026.html) to Identity Manager Connector 12.2.1.4.0 and 14.1.2.1.0 - Oracle does not publish standalone fix version strings outside the CPU bundle, so the CPU release itself is the authoritative remediation. Until the CPU can be applied, restrict network reachability of the OIM Connector SSH interface to a dedicated management VLAN or jump host, rotate and tier-isolate the low-privilege service accounts that can reach the connector (since PR:L is the entire barrier to exploitation), and increase audit logging on SSH sessions to and from the connector and on any target Unix systems it manages; the trade-off is that tightening service-account scope can temporarily break legitimate provisioning workflows, so coordinate with the IAM operations team before pulling credentials.

CVE-2017-5645 CRITICAL POC
9.8 Apr 17

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events

CVE-2022-31660 HIGH POC
7.8 Aug 05

VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. Rat

CVE-2022-31656 CRITICAL POC
9.8 Aug 05

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability aff

CVE-2022-23305 CRITICAL
9.8 Jan 18

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be

CVE-2026-46793 CRITICAL
9.9 Jun 16

Takeover of Oracle Identity Manager Connector (Fusion Middleware) is achievable by a low-privileged remote attacker over

CVE-2026-46792 CRITICAL
9.9 Jun 16

Full takeover of Oracle Identity Manager Connector (versions 12.2.1.4.0 and 14.1.2.1.0) is achievable by a low-privilege

CVE-2026-35294 CRITICAL
9.9 Jun 16

Account takeover in Oracle Identity Manager Connector (Fusion Middleware, Mainframe Connectors component) versions 12.2.

CVE-2022-31657 CRITICAL
9.8 Aug 05

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. Rated critical severity (CVSS 9.

CVE-2022-23307 HIGH
8.8 Jan 18

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Rated high severity (CVSS 8.8), th

CVE-2020-4006 CRITICAL
9.1 Nov 23

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command i

CVE-2022-23302 HIGH
8.8 Jan 18

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write acce

CVE-2017-10270 HIGH
8.2 Oct 19

Vulnerability in the Oracle Identity Manager Connector component of Oracle Fusion Middleware (subcomponent: Microsoft Ac

Share

EUVD-2026-37312 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy