PT-2026-34169 · Oracle · Oracle Security Service+1
Published
2026-04-21
·
Updated
2026-04-27
·
CVE-2026-35252
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Fusion Middleware Oracle Security Service version 12.2.1.4.0
Oracle Fusion Middleware Oracle Security Service version 12.1.3.0.0
Description
An issue exists in the C Oracle SSL API component of the Oracle Security Service. A low-privileged attacker with network access via HTTPS can compromise the service, although successful exploitation is difficult and requires human interaction from a person other than the attacker. This could lead to unauthorized access, creation, deletion, or modification of critical data or all data accessible by the Oracle Security Service.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Security Service
Fusion Middleware