CVE Catalog

CVE-2026-46810

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: End User Self Service) allows an unauthenticated attacker with network access via IIOP to compromise Identity Manager. Successful attacks can lead to unauthorized access to data, including updates, inserts, or deletions.

Risk Assessment

The risk to the organization includes the potential for unauthorized access to and modification of data, which may lead to breaches of confidentiality and integrity.

Recommendation

It is recommended to update to the latest version of the software to mitigate this vulnerability and implement additional security measures to restrict access to the system.

Original NVD description (English source)

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: End User Self Service). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS