PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35269 Oracle Corporation CVE debrief

A high-severity vulnerability was discovered in Oracle Fusion Middleware's Identity Manager product, specifically in the REST WebServices component. The vulnerability, tracked as CVE-2026-35269, has a CVSS score of 7.5 and allows unauthenticated attackers with network access via HTTP to compromise Identity Manager, potentially leading to unauthorized creation, deletion, or modification of critical data. Organizations using Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0, should prioritize patching this vulnerability to prevent potential data integrity impacts.

Vendor
Oracle Corporation
Product
Identity Manager
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Organizations using Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0, should prioritize patching this vulnerability to prevent potential data integrity impacts. Security teams and administrators responsible for Identity Manager deployments should review the official advisory and take immediate action to mitigate the vulnerability.

Technical summary

The vulnerability, tracked as CVE-2026-35269, is easily exploitable and allows unauthenticated attackers with network access via HTTP to compromise Identity Manager. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all Identity Manager accessible data. The CVSS 3.1 Base Score is 7.5 (Integrity impacts), with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. The vulnerability affects Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0.

Defensive priority

High priority should be given to patching this vulnerability due to its high CVSS score and potential for data integrity impacts.

Recommended defensive actions

  • Apply the vendor-provided patch as soon as possible
  • Review and update Identity Manager configurations to ensure proper security controls are in place
  • Monitor Identity Manager systems for suspicious activity
  • Implement compensating controls, such as additional authentication or access controls, if patching is not immediately feasible
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-06-17T10:40:19.130Z and last modified on 2026-06-17T18:55:31.517Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0. The REST WebServices component is impacted. Defenders should verify the affected scope and review the official advisory for mitigation guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:19.130Z and has not been modified since then. The NVD entry is currently Analyzed.