Vulnerabilities ›

CVE-2026-35232

Medium

                    Published: Apr 21, 2026                      ·  Modified: Apr 22, 2026                      ·  Source: NVD                

CVSS v3

5.4

🔗 NVD Official

📄 Description (English)

Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Fusion Middleware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Fusion Middleware accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).

🤖 AI Executive Summary

A medium-severity vulnerability in Oracle Fusion Middleware Dynamic Monitoring Service (versions 12.2.1.4.0 and 14.1.2.0.0) allows low-privileged attackers with network access to compromise the system via HTTP. Successful exploitation requires user interaction and can result in unauthorized data access and modification across multiple products.

📄 Description (Arabic)

ثغرة في مكون Dynamic Monitoring Service بـ Oracle Fusion Middleware تسمح لمهاجم بامتيازات منخفضة بالوصول عبر HTTP بتجاوز آليات التفويض. يتطلب الاستغلال تفاعل المستخدم ويمكن أن يؤثر على سرية وسلامة البيانات. الثغرة تؤثر على نطاق أوسع من المنتجات المتصلة.

🤖 ملخص تنفيذي (AI)

ثغرة متوسطة الخطورة في خدمة المراقبة الديناميكية بـ Oracle Fusion Middleware تسمح لمهاجمين بامتيازات منخفضة بالوصول عبر الشبكة. يتطلب الاستغلال الناجح تفاعل المستخدم ويمكن أن يؤدي إلى وصول غير مصرح به وتعديل البيانات.

🤖 AI Intelligence Analysis Analyzed: May 28, 2026 00:00

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking government energy healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1078 T1566

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Update Oracle Fusion Middleware to patched versions immediately. Apply security patches for versions 12.2.1.4.0 and 14.1.2.0.0. Implement network segmentation to restrict HTTP access to Fusion Middleware components. Enforce strong authentication and multi-factor authentication for administrative access. Monitor access logs for suspicious activities and unauthorized data modifications.

🔧 خطوات المعالجة (العربية)

قم بتحديث Oracle Fusion Middleware إلى الإصدارات المصححة فوراً. طبق تصحيحات الأمان للإصدارات المتأثرة. قم بتنفيذ تقسيم الشبكة لتقييد الوصول عبر HTTP. فرض المصادقة القوية والمصادقة متعددة العوامل. راقب سجلات الوصول للأنشطة المريبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1

🔵 SAMA CSF

AC-2 AC-3 SI-2

🟡 ISO 27001:2022

A.6.1.2 A.9.2.1 A.12.6.1

🔗 References & Sources 1

🔗

https://www.oracle.com/security-alerts/cpuapr2026.html

secalert_us@oracle.com

📊 CVSS Score

5.4

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionR — Required

ScopeC — Changed

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.4

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-04-21

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-35232

Introduce Yourself

Sign In Required