Critical Vulnerability Found in Oracle Identity Manager


Oracle has released a patch to address the vulnerability.

A critical vulnerability in Oracle Identity Manager allows a remote attacker to take complete control of a system.

Oracle has offered scant details about the vulnerability, fearing further exploitation. Oracle said in an advisory: “This Security Alert addresses CVE-2017-10151, a vulnerability affecting Oracle Identity Manager. This vulnerability has a CVSS v3 base score of 10.0 and can result in complete compromise of Oracle Identity Manager via an unauthenticated network attack. The Patch Availability Document referenced below provides a full workaround for this vulnerability and will be updated when patches in addition to the workaround are available.”

Oracle is recommending that customers apply the updates provided by this Security Alert without delay.

According to The Hacker News, “The security patch for this vulnerability comes just about two weeks after Oracle's regular Critical Patch Update (CPU) for October 2017, which patches a total of 252 vulnerabilities in its products, including 40 in Fusion Middleware out of which 26 are remotely exploitable without authentication.”

