Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2026-34289 is a medium-severity vulnerability in Oracle Identity Manager Connector 12.2.1.4.0 that allows unauthenticated network attackers to gain unauthorized access to sensitive data through HTTPS. The vulnerability is difficult to exploit but could result in complete compromise of confidential information accessible through the connector.
ثغرة في منتج Oracle Identity Manager Connector من Oracle Fusion Middleware تؤثر على الإصدار 12.2.1.4.0. تسمح الثغرة لمهاجم غير مصرح به بالوصول عبر الشبكة عبر HTTPS بالوصول غير المصرح به إلى البيانات الحساسة. يمكن أن يؤدي الاستغلال الناجح إلى الوصول الكامل إلى جميع البيانات التي يمكن الوصول إليها من خلال موصل Identity Manager.
CVE-2026-34289 is a medium-severity vulnerability in Oracle Identity Manager Connector 12.2.1.4.0 that allows unauthenticated network attackers to gain unauthorized access to sensitive data through HTTPS. The vulnerability is difficult to exploit but could result in complete compromise of confidential information accessible through the connector.
Immediately upgrade Oracle Identity Manager Connector to a patched version beyond 12.2.1.4.0. Implement network segmentation to restrict HTTPS access to the connector from trusted sources only. Apply principle of least privilege for connector service accounts. Monitor and audit all access attempts to the Identity Manager Connector. Consider implementing Web Application Firewall (WAF) rules to detect and block exploitation attempts.
قم بترقية موصل Oracle Identity Manager فوراً إلى نسخة مصححة تتجاوز 12.2.1.4.0. طبق تقسيم الشبكة لتقييد الوصول عبر HTTPS من مصادر موثوقة فقط. طبق مبدأ الامتيازات الأقل للحسابات الخدمية للموصل. راقب وتدقق جميع محاولات الوصول إلى موصل Identity Manager. فكر في تطبيق قواعد جدار تطبيقات الويب (WAF) للكشف عن محاولات الاستغلال وحجبها.