PatchSiren cyber security CVE debrief
CVE-2026-46810 Oracle Corporation CVE debrief
A vulnerability was discovered in Oracle Fusion Middleware's Identity Manager product, specifically in the End User Self Service component. The affected versions are 12.2.1.4.0 and 14.1.2.1.0. This vulnerability is easily exploitable by an unauthenticated attacker with network access via IIOP, potentially leading to unauthorized update, insert, or delete access to some Identity Manager accessible data, as well as unauthorized read access to a subset of Identity Manager accessible data.
- Vendor
- Oracle Corporation
- Product
- Identity Manager
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Organizations using Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0, should be aware of this vulnerability and take necessary precautions to mitigate the risk.
Technical summary
The vulnerability, CVE-2026-46810, is located in Oracle Fusion Middleware's Identity Manager product, specifically in the End User Self Service component. Versions 12.2.1.4.0 and 14.1.2.1.0 are affected. An unauthenticated attacker with network access via IIOP can easily exploit this vulnerability. Successful exploitation can lead to unauthorized update, insert, or delete access to some Identity Manager accessible data, as well as unauthorized read access to a subset of Identity Manager accessible data. The CVSS 3.1 Base Score is 6.5, indicating a medium severity level, with the CVSS Vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) showing that the vulnerability can be exploited over the network with low attack complexity and no required privileges or user interaction. The impacts are on confidentiality and integrity. Organizations should review their deployments of the affected versions and apply patches or mitigations as recommended by Oracle.
Defensive priority
Medium priority should be given to patching or mitigating this vulnerability, as it can be exploited over the network and has a medium CVSS score.
Recommended defensive actions
- Apply the patches provided by Oracle Corporation as soon as possible.
- Implement compensating controls to monitor and restrict network access to the affected systems.
- Perform inventory checks to ensure that all affected systems are identified and patched.
- Consider implementing additional security measures, such as network segmentation or access controls, to reduce the attack surface.
- Review and verify the configuration of affected systems to ensure they are properly secured.
- Monitor relevant logs and alerts for signs of potential exploitation.
- Track the patching process and verify the effectiveness of implemented controls.
Evidence notes
The CVE record was published on 2026-06-17T10:53:58.677Z and last modified on 2026-06-17T20:38:01.387Z. The NVD entry is currently Analyzed. The vulnerability is described in the Oracle Security Alert for June 2026.
Official resources
-
CVE-2026-46810 CVE record
CVE.org
-
CVE-2026-46810 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:58.677Z and has not been modified since then. The NVD entry is currently Analyzed.