Vulnerabilities ›

CVE-2026-34283

Medium

                    Published: Apr 21, 2026                      ·  Modified: Apr 22, 2026                      ·  Source: NVD                

CVSS v3

6.1

🔗 NVD Official

📄 Description (English)

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Identity Manager accessible data as well as unauthorized read access to a subset of Oracle Identity Manager accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

🤖 AI Executive Summary

Oracle Identity Manager contains an easily exploitable vulnerability in the Identity Console component that allows unauthenticated attackers to compromise the system via HTTP with user interaction. Successful exploitation can result in unauthorized data access, modification, and deletion affecting versions 12.2.1.4.0 and 14.1.2.0.0.

📄 Description (Arabic)

تؤثر هذه الثغرة على مكون Identity Console في Oracle Identity Manager وتسمح للمهاجمين غير المصرحين بالوصول إلى النظام عبر HTTP. يتطلب الاستغلال تفاعل المستخدم ويمكن أن يؤثر على منتجات إضافية بسبب تغيير النطاق. يمكن أن يؤدي الاستغلال الناجح إلى قراءة وتعديل وحذف البيانات المحمية.

🤖 ملخص تنفيذي (AI)

Oracle Identity Manager يحتوي على ثغرة قابلة للاستغلال بسهولة في مكون Identity Console تسمح للمهاجمين غير المصرحين بالوصول عبر HTTP مع تفاعل المستخدم. يمكن أن يؤدي الاستغلال الناجح إلى وصول غير مصرح به وتعديل وحذف البيانات.

🤖 AI Intelligence Analysis Analyzed: May 24, 2026 03:00

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking government telecom healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1566 T1598 T1110

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately update Oracle Identity Manager to patched versions beyond 12.2.1.4.0 and 14.1.2.0.0. Implement network segmentation to restrict HTTP access to Identity Console. Deploy multi-factor authentication and enforce strict access controls. Monitor for suspicious authentication attempts and unauthorized data modifications. Apply Oracle security patches as soon as available.

🔧 خطوات المعالجة (العربية)

قم بتحديث Oracle Identity Manager فوراً إلى الإصدارات المصححة. قم بتطبيق تقسيم الشبكة لتقييد الوصول إلى Identity Console. طبق المصادقة متعددة العوامل والتحكم الصارم في الوصول. راقب محاولات المصادقة المريبة والتعديلات غير المصرح بها على البيانات.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1 5.3.1

🔵 SAMA CSF

AC-2 AC-3 AC-6 SI-2

🟡 ISO 27001:2022

A.9.1.1 A.9.2.1 A.9.4.1 A.14.2.1

🔗 References & Sources 1

🔗

https://www.oracle.com/security-alerts/cpuapr2026.html

secalert_us@oracle.com

📊 CVSS Score

6.1

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeC — Changed

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score6.1

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-04-21

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-34283

Introduce Yourself

Sign In Required