PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46810 Oracle Corporation CVE debrief

A vulnerability was discovered in Oracle Fusion Middleware's Identity Manager product, specifically in the End User Self Service component. The affected versions are 12.2.1.4.0 and 14.1.2.1.0. This vulnerability is easily exploitable by an unauthenticated attacker with network access via IIOP, potentially leading to unauthorized update, insert, or delete access to some Identity Manager accessible data, as well as unauthorized read access to a subset of Identity Manager accessible data.

Vendor
Oracle Corporation
Product
Identity Manager
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Organizations using Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0, should be aware of this vulnerability and take necessary precautions to mitigate the risk.

Technical summary

The vulnerability, CVE-2026-46810, is located in Oracle Fusion Middleware's Identity Manager product, specifically in the End User Self Service component. Versions 12.2.1.4.0 and 14.1.2.1.0 are affected. An unauthenticated attacker with network access via IIOP can easily exploit this vulnerability. Successful exploitation can lead to unauthorized update, insert, or delete access to some Identity Manager accessible data, as well as unauthorized read access to a subset of Identity Manager accessible data. The CVSS 3.1 Base Score is 6.5, indicating a medium severity level, with the CVSS Vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) showing that the vulnerability can be exploited over the network with low attack complexity and no required privileges or user interaction. The impacts are on confidentiality and integrity. Organizations should review their deployments of the affected versions and apply patches or mitigations as recommended by Oracle.

Defensive priority

Medium priority should be given to patching or mitigating this vulnerability, as it can be exploited over the network and has a medium CVSS score.

Recommended defensive actions

  • Apply the patches provided by Oracle Corporation as soon as possible.
  • Implement compensating controls to monitor and restrict network access to the affected systems.
  • Perform inventory checks to ensure that all affected systems are identified and patched.
  • Consider implementing additional security measures, such as network segmentation or access controls, to reduce the attack surface.
  • Review and verify the configuration of affected systems to ensure they are properly secured.
  • Monitor relevant logs and alerts for signs of potential exploitation.
  • Track the patching process and verify the effectiveness of implemented controls.

Evidence notes

The CVE record was published on 2026-06-17T10:53:58.677Z and last modified on 2026-06-17T20:38:01.387Z. The NVD entry is currently Analyzed. The vulnerability is described in the Oracle Security Alert for June 2026.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:58.677Z and has not been modified since then. The NVD entry is currently Analyzed.