CRITICAL | CVE-2026-46794 | Published | Modified | CNA: oracle

CVE-2026-46794: Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Generic Unix Connector)

Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Generic Unix Connector). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via SSH to compromise Identity Manager Connector. While the vulnerability is in Identity Manager Connector, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Identity Manager Connector. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Metrics

  • CVSS v3.1: 9.9
  • Severity: CRITICAL
  • Fixed in:
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A critical remote code execution vulnerability affects the Generic Unix Connector component of Oracle Identity Manager Connector (versions 12.2.1.4.0 and 14.1.2.1.0). The flaw is reachable over the network via SSH and requires only a low-privilege account, with no victim interaction needed. Successful exploitation gives an attacker full control of the Identity Manager Connector instance, with spillover impact on additional systems in scope. No fix versions have been published yet; HarborGuard tracks the advisory and will surface a patched rebuild the moment Oracle releases one.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream Oracle and NVD feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Identity Manager Connector components. Any image found running an affected version (12.2.1.4.0 or 14.1.2.1.0) is flagged immediately.

Status: Available

Triage

HarborGuard scores this issue at CVSS 9.9 (Critical) and surfaces it at the top of each affected environment's vulnerability queue. Per-environment compliance policy weighting is applied, and the finding is routed to the appropriate team inbox based on each customer organization's ownership rules.

Status: Available

Patch

Because no upstream fix has been published, HarborGuard re-evaluates the Oracle advisory on every ingest cycle and will make a patched-image rebuild available the moment Oracle ships a corrected version. In the interim, compensating controls such as SSH access restrictions via network policy and egress filtering can be configured and tracked through HarborGuard's policy engine.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Identity Manager Connector service over the network via SSH; the service must be network-accessible for exploitation to proceed.

  • Authentication: Required

    A valid account with low privileges is sufficient; no administrative or elevated credentials are required beyond a basic authenticated SSH session.

  • Victim interaction: Not required

    Exploitation is entirely attacker-driven; no user action, click, or approval from a legitimate user is needed.

  • Attack complexity: Detail

    The exploit is reliable and condition-free, requiring no race conditions, specific memory layout, or environmental prerequisites beyond network access and a low-privilege credential.

Blast Radius

  • A successful attacker achieves full takeover of the Identity Manager Connector instance, including reading all provisioning credentials, account data, and Unix connector configuration stored by the service.
  • The attacker can modify or delete identity records, connector configurations, and provisioned account mappings, corrupting downstream Unix system access controls.
  • The Identity Manager Connector process and its dependent services can be crashed or made permanently unavailable, disrupting automated provisioning and de-provisioning workflows.
  • Because the CVSS scope is changed, impact extends beyond the connector itself: adjacent Oracle Fusion Middleware components that trust the connector can also be compromised.

How HarborGuard Handles This

Available on HarborGuard: because Oracle has not yet published a fix for CVE-2026-46794, HarborGuard monitors the advisory on every ingest cycle and will automatically trigger a patched-image rebuild and, for customers with auto-remediation enabled, open a regression-tested PR against affected workloads the moment an upstream fix is released. In the meantime, HarborGuard's policy engine can be used to enforce compensating controls: restricting SSH ingress to the connector via Kubernetes network policy, applying egress filtering to limit lateral movement from a compromised connector, and flagging any image running versions 12.2.1.4.0 or 14.1.2.1.0 as non-compliant for deployment gating. Given the 9.9 Critical score and scope-change designation, this CVE is surfaced at the highest priority tier in the vulnerability queue for all affected environments where compliance policy permits escalation.

Affected packages
  • Oracle Corporation / Identity Manager Connector
    12.2.1.4.0 · 14.1.2.1.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H