Home / Vulnerability Intelligence / CVE-2026-34287

CVE-2026-34287 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: April 21, 2026

Oracle Identity Manager Connector - Broken Access Control

Published: April 21, 2026Updated: April 21, 2026Remote Exploitable

Overview

Oracle Identity Manager Connector 12.2.1.4.0 contains an unauthorized access vulnerability caused by insufficient authentication in the core component, letting unauthenticated attackers with network access via HTTPS create, delete, or modify critical data.

Severity & Score

Severity: Critical

CVSS Score: 9.1

Impact

Unauthenticated attackers can create, delete, or modify critical data, leading to full data compromise.

Mitigation

Update to the latest available version.

References

https://www.oracle.com/security-alerts/cpuapr2026.html

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-34287
Severity: Critical
CVSS Score: 9.1
Type: broken_access_control
Status: new

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N