After releasing its quarterly patch not too long ago, Oracle issued an out-of-cycle patch that plugs a critical vulnerability affecting Oracle Identity Manager.

The product is the company’s widely-used enterprise identity management system that is part of the Fusion Middleware offering.

“Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by this Security Alert without delay,” the company said in an advisory.

The vulnerability has been assigned a CVSS v3 base score of 10.0 and can result in complete compromise of Oracle Identity Manager via an unauthenticated network attack. It is easily exploitable, and a successful attack requires no human interaction.

Supported affected versions of the product are:,,,,, and

“Product releases that are not under Premier Support or Extended Support are not tested for the presence of vulnerabilities addressed by this Security Alert. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities,” Oracle said.

No additional specific details about the flaw were released.
