CVE-2026-34290
Received Received - Intake
Denial of Service in Oracle Identity Manager Connector

Publication date: 2026-04-21

Last updated on: 2026-04-23

Assigner: Oracle

Description
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager Connector. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-21
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34290
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
oracle identity_manager_connector 12.2.1.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Oracle Identity Manager Connector product of Oracle Fusion Middleware, specifically in version 12.2.1.4.0. It is an easily exploitable flaw that allows an unauthenticated attacker with network access via TCP to compromise the Oracle Identity Manager Connector.

The attacker can cause the Oracle Identity Manager Connector to hang or repeatedly crash, resulting in a complete denial of service (DoS).

Impact Analysis

The primary impact of this vulnerability is on the availability of the Oracle Identity Manager Connector. An attacker can cause the service to hang or crash repeatedly, leading to a complete denial of service.

This means legitimate users and systems relying on the Oracle Identity Manager Connector may experience service interruptions or outages.

Compliance Impact

The vulnerability results in a denial of service (DoS) condition affecting availability but does not impact confidentiality or integrity of data.

Since the vulnerability does not lead to unauthorized access or data breach, its direct impact on compliance with standards like GDPR or HIPAA, which focus heavily on data protection and privacy, is limited.

However, the availability impact could affect service continuity requirements under these regulations, potentially leading to compliance concerns if critical services are disrupted.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34290. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart