Back to overview

CVE-2026-35313

CRITICAL
9.9
CVSS 3.1

Metadata

CVE ID
CVE-2026-35313
State
PUBLISHED
Assigner
oracle
Reserved
2026-04-01 20:03 UTC
Published
2026-06-16 19:27 UTC
Last updated
2026-06-16 19:27 UTC
Vendor / Product
Oracle Corporation / Oracle Access Manager
Sources
cve.org  ·  NVD

Severity & Metrics

9.9 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products (1)
VendorProductPlatformVersions
Oracle Corporation Oracle Access Manager 12.2.1.4.0, 14.1.2.1.0
Weakness (CWE)
CWESourceDescription
cna Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Access Manager. While the vulnerability is in Oracle Access Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Access Manager.
CVSS scores (1)
ScoreSeverityVersionSourceVector
9.9 CRITICAL 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References (1)
Back to overview