Back to overview

CVE-2026-35261

MEDIUM

6.5

CVSS 3.1

Metadata

CVE ID: CVE-2026-35261
State: PUBLISHED
Assigner: oracle
Reserved: 2026-04-01 20:03 UTC
Published: 2026-06-16 19:26 UTC
Last updated: 2026-06-17 14:33 UTC
Primary CWE: CWE-287
CWE-287 Improper Authentication
Vendor / Product: Oracle Corporation / Oracle Access Manager
Sources: cve.org · NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Oracle Corporation	Oracle Access Manager	—	12.2.1.4.0, 14.1.2.1.0

Weakness (CWE)

CWE	Source	Description
—	cna	Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data.
CWE-287	adp	CWE-287 Improper Authentication

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.5	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References (1)

Oracle Advisory https://www.oracle.com/security-alerts/cspujun2026.html

Back to overview