PatchSiren cyber security CVE debrief
CVE-2026-35265 Oracle Corporation CVE debrief
A high-severity vulnerability was discovered in Oracle Fusion Middleware's Identity Manager product. The vulnerability, tracked as CVE-2026-35265, has a CVSS score of 8.8 and allows a low-privileged attacker with network access via HTTP to compromise Identity Manager, potentially leading to a takeover. The vulnerability is located in the Security component of Identity Manager. Organizations using Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0, should prioritize patching this vulnerability to prevent potential exploitation. The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
- Vendor
- Oracle Corporation
- Product
- Identity Manager
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Organizations using Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0, should prioritize patching this vulnerability to prevent potential exploitation. The vulnerability has a high CVSS score and is easily exploitable, making it a high-priority concern for security teams.
Technical summary
The vulnerability is located in the Security component of Identity Manager and has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. It is easily exploitable and allows a low-privileged attacker with network access via HTTP to compromise Identity Manager, potentially leading to a takeover. The vulnerability affects Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0.
Defensive priority
High priority should be given to patching this vulnerability, as it has a high CVSS score and is easily exploitable.
Recommended defensive actions
- Apply the patch provided by Oracle Corporation as soon as possible.
- Conduct a thorough review of Identity Manager configurations and ensure that all necessary security measures are in place.
- Monitor Identity Manager systems for any suspicious activity.
- Consider implementing additional security controls, such as network segmentation or access controls, to limit the attack surface.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-06-17T10:40:18.710Z and was last modified on 2026-06-18T04:16:45.810Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0. The vulnerability has a CVSS score of 8.8 and allows a low-privileged attacker with network access via HTTP to compromise Identity Manager, potentially leading to a takeover. The evidence is limited, and defenders should verify the affected scope and severity.
Official resources
-
CVE-2026-35265 CVE record
CVE.org
-
CVE-2026-35265 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:18.710Z and has not been modified since then. The NVD entry is currently Analyzed.