Oracle Identity Manager Connector — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Identity Manager Connector, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2026-46794 — CVSS 9.9 (critical): Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Generic Unix Connector). Supported versions…
CVE-2026-46793 — CVSS 9.9 (critical): Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Database User). Supported versions that are…
CVE-2026-46792 — CVSS 9.9 (critical): Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Generic Unix Connector). Supported versions…
CVE-2022-23305 — CVSS 9.8 (critical): By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are…
CVE-2017-5645 — CVSS 9.8 (critical): In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another…
CVE-2026-34285 — CVSS 9.1 (critical): Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is…
CVE-2026-34286 — CVSS 9.1 (critical): Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is…
CVE-2026-34287 — CVSS 9.1 (critical): Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is…
CVE-2022-23302 — CVSS 8.8 (high): JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j…
CVE-2022-23307 — CVSS 8.8 (high): CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of…
CVE-2017-10270 — CVSS 8.2 (high): Vulnerability in the Oracle Identity Manager Connector component of Oracle Fusion Middleware (subcomponent: Microsoft Active Directory)…
CVE-2020-24750 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-24616 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2019-0222 — CVSS 7.5 (high): In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
CVE-2026-34290 — CVSS 7.5 (high): Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is…
CVE-2018-15756 — CVSS 7.5 (high): Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x…
CVE-2021-45105 — CVSS 5.9 (medium): Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from…
CVE-2026-34294 — CVSS 5.9 (medium): Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Microsoft Active Directory). The…
CVE-2026-34289 — CVSS 5.9 (medium): Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is…
CVE-2026-34288 — CVSS 5.9 (medium): Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is…