Vulnerabilities ›

CVE-2026-34294

Medium

                    Published: Apr 21, 2026                      ·  Modified: Apr 22, 2026                      ·  Source: NVD                

CVSS v3

5.9

🔗 NVD Official

📄 Description (English)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Microsoft Active Directory). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as unauthorized read access to a subset of Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N).

🤖 AI Executive Summary

CVE-2026-34294 is a vulnerability in Oracle Identity Manager Connector affecting version 12.2.1.4.0 that allows low-privileged attackers with network access via LDAP to compromise the system. Successful exploitation can result in unauthorized creation, deletion, or modification of critical data and unauthorized read access to sensitive information.

📄 Description (Arabic)

ثغرة في مكون Microsoft Active Directory بموصل Oracle Identity Manager تسمح لمهاجمين بامتيازات منخفضة بالوصول عبر LDAP. يمكن للمهاجمين إنشاء أو حذف أو تعديل البيانات الحرجة والوصول غير المصرح به إلى المعلومات الحساسة. الثغرة تتطلب مستوى صعوبة عالي للاستغلال لكنها تؤثر على سرية وسلامة البيانات.

🤖 ملخص تنفيذي (AI)

This vulnerability affects Oracle Identity Manager Connector version 12.2.1.4.0, allowing low-privileged network attackers to exploit the Microsoft Active Directory component via LDAP. Attackers can gain unauthorized access to create, delete, or modify critical data and read sensitive information.

🤖 AI Intelligence Analysis Analyzed: May 24, 2026 16:32

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking government healthcare telecom

🎯 MITRE ATT&CK Techniques

T1078.001 T1547.001 T1556.001

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade Oracle Identity Manager Connector to the latest patched version beyond 12.2.1.4.0. Implement network segmentation to restrict LDAP access to authorized systems only. Apply principle of least privilege for user accounts accessing the connector. Monitor LDAP authentication logs for suspicious activities and implement strong authentication mechanisms.

🔧 خطوات المعالجة (العربية)

قم بترقية موصل Oracle Identity Manager إلى أحدث إصدار مصحح بعد 12.2.1.4.0. طبق تقسيم الشبكة لتقييد الوصول إلى LDAP للأنظمة المصرح بها فقط. طبق مبدأ الامتيازات الأقل للحسابات التي تصل إلى الموصل. راقب سجلات مصادقة LDAP للأنشطة المريبة وطبق آليات مصادقة قوية.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1

🔵 SAMA CSF

AC-2 AC-3 AC-6

🟡 ISO 27001:2022

A.9.1.1 A.9.2.1 A.9.4.1

🔗 References & Sources 1

🔗

https://www.oracle.com/security-alerts/cpuapr2026.html

secalert_us@oracle.com

📊 CVSS Score

5.9

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N

Attack VectorN — None / Network

Attack ComplexityH — High

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityH — High

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.9

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-04-21

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: HIGH

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-34294

Introduce Yourself

Sign In Required