After releasing its quarterly patch not too long ago, Oracle issued an out-of-cycle patch that plugs a critical vulnerability affecting Oracle Identity Manager.
The product is the company’s widely-used enterprise identity management system that is part of the Fusion Middleware offering.
“Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by this Security Alert without delay,” the company said in an advisory.
The vulnerability has been assigned a CVSS v3 base score of 10.0 and can result in complete compromise of Oracle Identity Manager via an unauthenticated network attack. It is easily exploitable, and a successful attack requires no human interaction.
Supported affected versions of the product are: 126.96.36.199, 188.8.131.52, 184.108.40.206.0, 220.127.116.11.0, 18.104.22.168.0, and 22.214.171.124.0.
“Product releases that are not under Premier Support or Extended Support are not tested for the presence of vulnerabilities addressed by this Security Alert. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities,” Oracle said.
No additional specific details about the flaw were released.