Vulnerabilities ›

CVE-2026-35252

Medium

                    Published: Apr 21, 2026                      ·  Modified: Apr 22, 2026                      ·  Source: NVD                

CVSS v3

6.4

🔗 NVD Official

📄 Description (English)

Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracle SSL API). Supported versions that are affected are 12.2.1.4.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Security Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Security Service accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).

🤖 AI Executive Summary

A vulnerability in Oracle Security Service within Oracle Fusion Middleware allows low-privileged attackers with network access to compromise confidentiality and integrity of critical data through HTTPS. The attack requires human interaction and affects versions 12.2.1.4.0 and 12.1.3.0.0.

📄 Description (Arabic)

ثغرة في مكون Oracle SSL API ضمن خدمة أمان Oracle تسمح بالوصول غير المصرح به وتعديل البيانات الحرجة. تتطلب الثغرة امتيازات منخفضة والوصول عبر الشبكة مع تفاعل بشري من طرف ثالث. تؤثر على إصدارات محددة من Oracle Fusion Middleware.

🤖 ملخص تنفيذي (AI)

ثغرة في خدمة أمان Oracle ضمن Oracle Fusion Middleware تسمح للمهاجمين ذوي الامتيازات المنخفضة بالوصول عبر الشبكة للتأثير على سرية وسلامة البيانات الحرجة. يتطلب الهجوم تفاعلاً بشرياً ويؤثر على الإصدارات 12.2.1.4.0 و 12.1.3.0.0.

🤖 AI Intelligence Analysis Analyzed: May 14, 2026 03:23

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking government healthcare energy

🎯 MITRE ATT&CK Techniques

T1190 T1199 T1566

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately update Oracle Fusion Middleware to patched versions beyond 12.2.1.4.0 and 12.1.3.0.0. Implement network segmentation to restrict HTTPS access to Oracle Security Service. Enforce strong authentication mechanisms and conduct user awareness training to prevent social engineering attacks. Monitor access logs for suspicious activities.

🔧 خطوات المعالجة (العربية)

قم بتحديث Oracle Fusion Middleware فوراً إلى الإصدارات المصححة بعد 12.2.1.4.0 و 12.1.3.0.0. طبق تقسيم الشبكة لتقييد الوصول عبر HTTPS إلى خدمة أمان Oracle. فرض آليات المصادقة القوية وإجراء تدريب الوعي الأمني للمستخدمين. راقب سجلات الوصول للأنشطة المريبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2 6.1

🔵 SAMA CSF

ID.AM-2 PR.AC-1 PR.DS-1

🟡 ISO 27001:2022

A.9.2.1 A.9.4.3 A.10.1.1

🔗 References & Sources 1

🔗

https://www.oracle.com/security-alerts/cpuapr2026.html

secalert_us@oracle.com

📊 CVSS Score

6.4

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

Attack VectorN — None / Network

Attack ComplexityH — High

Privileges RequiredL — Low / Local

User InteractionR — Required

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score6.4

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-04-21

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-35252

Introduce Yourself

Sign In Required