Oracle Identity Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Identity Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2017-10151 — CVSS 10.0 (critical): Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that…
CVE-2026-35268 — CVSS 9.9 (critical): Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are…
CVE-2026-35294 — CVSS 9.9 (critical): Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Mainframe Connectors). Supported versions…
CVE-2017-3553 — CVSS 9.9 (critical): Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). The supported version that…
CVE-2026-46807 — CVSS 9.8 (critical): Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM Legacy UI). Supported versions that are affected…
CVE-2026-21992 — CVSS 9.8 (critical): Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services…
CVE-2019-2729 — CVSS 9.8 (critical): Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are…
CVE-2017-15095 — CVSS 9.8 (critical): A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated…
CVE-2026-35267 — CVSS 8.8 (high): Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are…
CVE-2026-35265 — CVSS 8.8 (high): Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are…
CVE-2021-2458 — CVSS 7.6 (high): Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are…
CVE-2026-35269 — CVSS 7.5 (high): Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are…
CVE-2020-2728 — CVSS 7.5 (high): Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). The supported…
CVE-2018-3179 — CVSS 7.2 (high): Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). Supported versions…
CVE-2026-46810 — CVSS 6.5 (medium): Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: End User Self Service). Supported versions that are…
CVE-2026-34283 — CVSS 6.1 (medium): Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are…
CVE-2019-11358 — CVSS 6.1 (medium): jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of…
CVE-2014-2880 — CVSS 5.8 (medium): Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2…
CVE-2020-2729 — CVSS 5.4 (medium): Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). Supported versions that are…
CVE-2021-2457 — CVSS 5.3 (medium): Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Request Management & Workflow). The supported version…
CVE-2019-2858 — CVSS 4.3 (medium): Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). Supported versions…
CVE-2016-5506 — CVSS 3.1 (low): Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality…