CVE-2026-35232
Received Received - Intake
Unauthorized Data Access via Dynamic Monitoring Service in Oracle Fusion Middleware

Publication date: 2026-04-21

Last updated on: 2026-04-27

Assigner: Oracle

Description
Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Fusion Middleware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Fusion Middleware accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-21
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-35232
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
oracle fusion_middleware 12.2.1.4.0
oracle fusion_middleware 14.1.2.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Oracle Fusion Middleware's Dynamic Monitoring Service component, specifically affecting versions 12.2.1.4.0 and 14.1.2.0.0.

It is easily exploitable by a low privileged attacker who has network access via HTTP. The attack requires human interaction from someone other than the attacker.

Successful exploitation can lead to unauthorized update, insertion, or deletion of some accessible data within Oracle Fusion Middleware, as well as unauthorized read access to a subset of that data.

Impact Analysis

If exploited, this vulnerability can allow an attacker to compromise Oracle Fusion Middleware, leading to unauthorized modification and disclosure of data.

This could result in loss of data integrity and confidentiality within the affected system.

Because the scope of the attack may extend beyond Oracle Fusion Middleware, additional products could also be significantly impacted.

Compliance Impact

This vulnerability allows unauthorized read and modification access to certain data within Oracle Fusion Middleware, which could potentially lead to data breaches or unauthorized data manipulation.

Such unauthorized access and data compromise may impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding the confidentiality and integrity of sensitive data.

However, the provided information does not explicitly state the direct effects on compliance with these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35232. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart