CVE-2026-21992 — Missing Authentication for Critical Function in Corporation Oracle Identity Manager
Severity
9.8CRITICALNVD
EPSS
0.1%
top 81.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 20
Latest updateMar 21
Description
Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. Successful attacks of this vulnerability can result …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages4 packages
🔴Vulnerability Details
2CVEList▶
CVE-2026-21992: Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product↗2026-03-20
GHSA▶
GHSA-hg4m-m77p-qp8j: Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product↗2026-03-20