Vulnerabilities ›

CVE-2026-34288

Medium

                    Published: Apr 21, 2026                      ·  Modified: Apr 22, 2026                      ·  Source: NVD                

CVSS v3

5.9

🔗 NVD Official

📄 Description (English)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

🤖 AI Executive Summary

CVE-2026-34288 is a medium-severity vulnerability in Oracle Identity Manager Connector (v12.2.1.4.0) that allows unauthenticated network attackers to gain unauthorized access to sensitive data through HTTP. While exploitation is difficult and no public exploit exists, the vulnerability poses a confidentiality risk to organizations managing identity and access controls. Immediate assessment and compensating controls are recommended for Saudi organizations using this Oracle Fusion Middleware component.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 24, 2026 16:19

🇸🇦 Saudi Arabia Impact Assessment

Saudi organizations most at risk include: (1) Banking sector (SAMA-regulated banks) using Oracle Fusion Middleware for identity management and access control; (2) Government agencies (NCA, CITC) managing citizen identity systems; (3) Large enterprises and healthcare providers (MOH) relying on Oracle IAM for employee and patient data access; (4) Energy sector (ARAMCO, SEC) managing critical infrastructure access. The vulnerability threatens confidentiality of identity data, authentication credentials, and access control policies—critical for regulatory compliance under SAMA CSF and NCA ECC 2024.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Healthcare Energy and Utilities Telecommunications Large Enterprises

🎯 MITRE ATT&CK Techniques

T1566 - Phishing (potential initial access if credentials compromised) T1589 - Gather Victim Identity Information (identity data exfiltration) T1110 - Brute Force (potential authentication bypass attempts) T1040 - Network Sniffing (HTTP traffic interception) T1526 - Find Accounts (identity enumeration) T1087 - Account Discovery (identity system reconnaissance)

⚖️ Saudi Risk Score (AI)

6.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Inventory all Oracle Identity Manager Connector v12.2.1.4.0 deployments across your organization

2. Restrict HTTP network access to Oracle Identity Manager Connector to trusted internal networks only; implement network segmentation

3. Enable and review HTTP access logs for suspicious unauthenticated connection attempts

4. Implement Web Application Firewall (WAF) rules to monitor and block suspicious HTTP requests to Identity Manager endpoints

Patching Guidance:

1. Contact Oracle Support immediately to request security patches or workarounds for v12.2.1.4.0

2. Plan upgrade to patched version (when available) in coordination with change management

3. Test patches in non-production environment before deployment

Compensating Controls (until patch available):

1. Deploy reverse proxy/API gateway with authentication enforcement in front of Identity Manager Connector

2. Implement IP whitelisting for Identity Manager Connector access

3. Enable mutual TLS (mTLS) for all connections to Identity Manager Connector

4. Implement rate limiting and anomaly detection on HTTP endpoints

5. Deploy intrusion detection/prevention systems (IDS/IPS) monitoring for exploitation attempts

Detection Rules:

1. Monitor for HTTP requests to Oracle Identity Manager Connector endpoints from unauthenticated sources

2. Alert on unusual data access patterns or bulk data retrieval attempts

3. Track failed authentication attempts followed by successful data access

4. Monitor for HTTP requests containing identity/credential-related parameters from external networks

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. حصر جميع نشرات Oracle Identity Manager Connector v12.2.1.4.0 في المنظمة

2. تقييد الوصول عبر HTTP إلى شبكات داخلية موثوقة فقط؛ تطبيق تقسيم الشبكة

3. تفعيل ومراجعة سجلات الوصول HTTP للكشف عن محاولات اتصال غير مصرحة مريبة

4. تطبيق قواعد جدار الحماية (WAF) لمراقبة وحجب طلبات HTTP المريبة

إرشادات التصحيح:

1. التواصل مع دعم Oracle فوراً لطلب تصحيحات أمنية أو حلول بديلة للإصدار 12.2.1.4.0

2. التخطيط للترقية إلى إصدار مصحح (عند توفره) بالتنسيق مع إدارة التغيير

3. اختبار التصحيحات في بيئة غير إنتاجية قبل النشر

الضوابط التعويضية (حتى توفر التصحيح):

1. نشر وكيل عكسي/بوابة API مع فرض المصادقة أمام Identity Manager Connector

2. تطبيق قائمة بيضاء للعناوين IP للوصول إلى Identity Manager Connector

3. تفعيل TLS المتبادل (mTLS) لجميع الاتصالات

4. تطبيق تحديد معدل الطلبات والكشف عن الشذوذ

5. نشر أنظمة كشف/منع الاختراق (IDS/IPS)

قواعد الكشف:

1. مراقبة طلبات HTTP من مصادر غير مصرحة

2. تنبيهات على أنماط الوصول غير العادية

3. تتبع محاولات المصادقة الفاشلة متبوعة بالوصول الناجح

4. مراقبة طلبات HTTP تحتوي على معاملات الهوية من شبكات خارجية

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.5.1.1 - Access Control Policy (unauthorized access prevention) ECC 2024 A.6.1.2 - User Registration and De-registration (identity management security) ECC 2024 A.8.2.1 - User Access Management (authentication and authorization) ECC 2024 A.12.4.1 - Event Logging (monitoring unauthorized access attempts)

🔵 SAMA CSF

SAMA CSF ID.AM-2 - Software, firmware, and information inventory (Oracle IAM component tracking) SAMA CSF PR.AC-1 - Processes and tools to manage user access (identity management controls) SAMA CSF PR.AC-4 - Access enforcement (authentication and authorization mechanisms) SAMA CSF DE.CM-1 - The network is monitored to detect potential cybersecurity events (HTTP access monitoring)

🟡 ISO 27001:2022

ISO 27001:2022 A.5.3 - Segregation of duties (identity management controls) ISO 27001:2022 A.8.2 - User access management (authentication, authorization, access rights) ISO 27001:2022 A.8.3 - User responsibilities (secure use of identity credentials) ISO 27001:2022 A.12.4 - Logging (monitoring and recording access attempts)

🟣 PCI DSS v4.0.1

PCI DSS 2.1 - Change default passwords and security parameters PCI DSS 7.1 - Limit access to system components by business need-to-know PCI DSS 8.1 - Assign unique ID to each person with computer access PCI DSS 10.2 - Implement automated audit trails for access to cardholder data

🔗 References & Sources 1

🔗

https://www.oracle.com/security-alerts/cpuapr2026.html

secalert_us@oracle.com

📊 CVSS Score

5.9

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityH — High

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.9

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-04-21

Source Feed nvd

🇸🇦 Saudi Risk Score

6.2

/ 10.0 — Saudi Risk

Priority: HIGH

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-34288

Introduce Yourself

Sign In Required