Lucene search
K

Oracle Identity Manager (January 2026 CPU)

🗓️ 23 Jan 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 6 Views

Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0 have unauthenticated remote vulnerabilities.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM Operational Decision Manager for December 2025 - Multiple CVEs addressed
29 Jan 202607:37
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-security-core-6.4.3.jar (CVE-2025-41248)
7 Oct 202507:19
ibm
IBM Security Bulletins
Security Bulletin: Security Vulnerability in Spring Security Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-41248)
12 Jun 202618:50
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Authorization in Spring Framework [CVE-2025-41249]
17 Dec 202514:14
ibm
IBM Security Bulletins
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.1.0
5 Dec 202509:12
ibm
IBM Security Bulletins
Security Bulletin: Multiple Security Vulnerabilities in Spring Framework Affect IBM Sterling B2B Integrator and IBM Sterling File Gateway
12 Jun 202618:28
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)
9 Dec 202515:01
ibm
IBM Security Bulletins
Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image
3 Mar 202613:53
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in Spring Framework affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
22 Jun 202613:41
ibm
IBM Security Bulletins
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
31 Oct 202519:08
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(296246);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/30");

  script_cve_id("CVE-2025-41249");
  script_xref(name:"IAVA", value:"2026-A-0069");
  script_xref(name:"IAVA", value:"2026-A-0070-S");

  script_name(english:"Oracle Identity Manager (January 2026 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The 12.2.1.4.0 and 14.1.2.1.0 versions of Identity Manager installed on the remote host are affected by multiple
vulnerabilities as referenced in the January 2026 CPU advisory.

  - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Installer
    (Spring Framework)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily
    exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise
    Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to
    critical data or complete access to all Oracle Identity Manager accessible data. (CVE-2025-41249)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpujan2026csaf.json");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujan2026.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the January 2026 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-41249");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/01/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/01/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:identity_manager");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_identity_management_installed.nbin");
  script_require_keys("installed_sw/Oracle Identity Manager");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'Oracle Identity Manager', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints' : [
        { 'min_version' : '12.2.1.4.0', 'fixed_version' : '12.2.1.4.251217' },
        { 'min_version' : '14.1.2.1.0', 'fixed_version' : '14.1.2.1.251219' }
      ]
    }
  ]
};

var vdf_result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:vdf_result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

30 Apr 2026 00:00Current
7High risk
Vulners AI Score7
CVSS 3.17.5
EPSS0.0046
SSVC
6