Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
SSH-reachable network vector with any low-tier credential and no user interaction; full takeover of the connector pivots into managed systems, justifying S:C and C/I/A:H.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Generic Unix Connector). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via SSH to compromise Identity Manager Connector. While the vulnerability is in Identity Manager Connector, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Identity Manager Connector. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
AnalysisAI
Privilege escalation to full takeover in Oracle Identity Manager Connector (Fusion Middleware) allows a low-privileged remote attacker with SSH network access to compromise the Generic Unix Connector and pivot into additional Fusion Middleware components via a CVSS scope change. Versions 12.2.1.4.0 and 14.1.2.1.0 are affected, with Oracle rating the issue 9.9 due to high confidentiality, integrity, and availability impact across product boundaries. No public exploit identified at time of analysis, but the AV:N/AC:L profile and SSH-reachable attack surface make this a high-priority Oracle CPU item.
Technical ContextAI
Oracle Identity Manager (OIM) Connectors are the integration adapters that let OIM provision, reconcile, and manage accounts on downstream target systems; the Generic Unix Connector specifically uses SSH to push user/account operations to Linux and Unix endpoints. Because the connector authenticates to remote systems with privileged service credentials and runs inside the Fusion Middleware/WebLogic stack, a flaw in its SSH-facing logic sits at a trust boundary between the IAM control plane and managed hosts. The CVSS scope change (S:C) indicates the vulnerable component (the connector) can affect resources beyond its own security authority - consistent with abusing the connector's stored target-system credentials or its host WebLogic context. No CWE was assigned by the reporter, so the precise weakness class (command injection, deserialization, auth bypass, etc.) is not disclosed in the Oracle advisory metadata.
RemediationAI
Apply the Oracle Critical Patch Update for June 2026 (Patch available per vendor advisory at https://www.oracle.com/security-alerts/cspujun2026.html) to Identity Manager Connector 12.2.1.4.0 and 14.1.2.1.0 - Oracle does not publish standalone fix version strings outside the CPU bundle, so the CPU release itself is the authoritative remediation. Until the CPU can be applied, restrict network reachability of the OIM Connector SSH interface to a dedicated management VLAN or jump host, rotate and tier-isolate the low-privilege service accounts that can reach the connector (since PR:L is the entire barrier to exploitation), and increase audit logging on SSH sessions to and from the connector and on any target Unix systems it manages; the trade-off is that tightening service-account scope can temporarily break legitimate provisioning workflows, so coordinate with the IAM operations team before pulling credentials.
More in Identity Manager Connector
View allIn Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. Rat
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability aff
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be
Takeover of Oracle Identity Manager Connector (Fusion Middleware) is achievable by a low-privileged remote attacker over
Full takeover of Oracle Identity Manager Connector (versions 12.2.1.4.0 and 14.1.2.1.0) is achievable by a low-privilege
Account takeover in Oracle Identity Manager Connector (Fusion Middleware, Mainframe Connectors component) versions 12.2.
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. Rated critical severity (CVSS 9.
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Rated high severity (CVSS 8.8), th
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command i
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write acce
Vulnerability in the Oracle Identity Manager Connector component of Oracle Fusion Middleware (subcomponent: Microsoft Ac
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37312