Security advisories

Oracle Identity Manager Vulnerability

February 26, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

Oracle has released a patch for a critical vulnerability affecting Oracle Identity Manager. Unpatched versions of Oracle Identity Manager have a default account that can be accessed over HTTP and used to take control of the identity management system. This vulnerability does not require any end-user interaction and Oracle has described it as being easily exploitable by threat actors.

What you should do:

Additional Information
This vulnerability is tracked as CVE-2017-10151. On the Common Vulnerability Scoring System (CVSS), this vulnerability is rated 10/10.
Affected versions of Oracle Identity Manager include:

For more information please visit:

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html

http://www.securityweek.com/oracle-patches-critical-flaw-identity-manager

View Most Recent Advisories