CVE-2026-34294
Received Received - Intake
LDAP Privilege Escalation in Oracle Identity Manager Connector

Publication date: 2026-04-21

Last updated on: 2026-04-23

Assigner: Oracle

Description
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Microsoft Active Directory). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as unauthorized read access to a subset of Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-21
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34294
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
oracle identity_manager_connector 12.2.1.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows a low privileged attacker with network access via LDAP to perform unauthorized creation, deletion, modification, and read access to critical or accessible data within the Oracle Identity Manager Connector. Such unauthorized access and data manipulation could potentially lead to violations of data protection and privacy regulations like GDPR and HIPAA, which require strict controls over data confidentiality and integrity.

However, the provided information does not explicitly mention the impact on compliance with specific standards or regulations.

Executive Summary

This vulnerability exists in the Oracle Identity Manager Connector product, specifically in the Microsoft Active Directory component of Oracle Fusion Middleware version 12.2.1.4.0. It is difficult to exploit but allows a low privileged attacker with network access via LDAP to compromise the Oracle Identity Manager Connector.

If successfully exploited, the attacker can gain unauthorized capabilities such as creating, deleting, or modifying critical data or any data accessible through the Oracle Identity Manager Connector. Additionally, the attacker can read some subset of the accessible data without authorization.

Impact Analysis

The impact of this vulnerability includes unauthorized modification, creation, or deletion of critical data within the Oracle Identity Manager Connector environment. This can lead to data integrity issues and potential disruption of services relying on this data.

There is also unauthorized read access to some data, which can result in confidentiality breaches. Overall, this can compromise the security and trustworthiness of the system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34294. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart