Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://www.oracle.com/security-alerts/cspujun2026.html |
|
Thu, 18 Jun 2026 04:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Unauthenticated LDAP Remote Compromise of Oracle Virtual Directory | |
| Weaknesses | CWE-284 | |
| Metrics |
ssvc
|
Tue, 16 Jun 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Vulnerability in the Oracle Virtual Directory product of Oracle Fusion Middleware (component: Virtual Directory Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Virtual Directory. Successful attacks of this vulnerability can result in takeover of Oracle Virtual Directory. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |
| First Time appeared |
Oracle
Oracle virtual Directory |
|
| CPEs | cpe:2.3:a:oracle:virtual_directory:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:virtual_directory:14.1.2.0.0:*:*:*:*:*:*:* |
|
| Vendors & Products |
Oracle
Oracle virtual Directory |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: oracle
Published:
Updated: 2026-06-19T03:55:33.882Z
Reserved: 2026-04-01T20:03:40.837Z
Link: CVE-2026-35312
Updated: 2026-06-17T15:25:41.204Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-17T20:30:04Z