PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35265 Oracle Corporation CVE debrief

A high-severity vulnerability was discovered in Oracle Fusion Middleware's Identity Manager product. The vulnerability, tracked as CVE-2026-35265, has a CVSS score of 8.8 and allows a low-privileged attacker with network access via HTTP to compromise Identity Manager, potentially leading to a takeover. The vulnerability is located in the Security component of Identity Manager. Organizations using Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0, should prioritize patching this vulnerability to prevent potential exploitation. The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Vendor
Oracle Corporation
Product
Identity Manager
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Organizations using Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0, should prioritize patching this vulnerability to prevent potential exploitation. The vulnerability has a high CVSS score and is easily exploitable, making it a high-priority concern for security teams.

Technical summary

The vulnerability is located in the Security component of Identity Manager and has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. It is easily exploitable and allows a low-privileged attacker with network access via HTTP to compromise Identity Manager, potentially leading to a takeover. The vulnerability affects Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0.

Defensive priority

High priority should be given to patching this vulnerability, as it has a high CVSS score and is easily exploitable.

Recommended defensive actions

  • Apply the patch provided by Oracle Corporation as soon as possible.
  • Conduct a thorough review of Identity Manager configurations and ensure that all necessary security measures are in place.
  • Monitor Identity Manager systems for any suspicious activity.
  • Consider implementing additional security controls, such as network segmentation or access controls, to limit the attack surface.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-06-17T10:40:18.710Z and was last modified on 2026-06-18T04:16:45.810Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0. The vulnerability has a CVSS score of 8.8 and allows a low-privileged attacker with network access via HTTP to compromise Identity Manager, potentially leading to a takeover. The evidence is limited, and defenders should verify the affected scope and severity.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:18.710Z and has not been modified since then. The NVD entry is currently Analyzed.