Unauthenticated Access Vulnerability in Oracle Identity Manager from Oracle
CVE-2017-10151

10CRITICAL

Key Information:

Vendor

Oracle
Status
Identity Manager
Vendor
CVE Published:
30 October 2017

What is CVE-2017-10151?

A vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware allows unauthenticated attackers with network access via HTTP to compromise the system. Affected versions include 11.1.1.7, 11.1.2.3, and 12.2.1.3. Successful exploitation can lead to the takeover of Oracle Identity Manager, posing significant security risks and potential impacts on confidentiality, integrity, and availability. Additional products may be affected due to the interconnected nature of the systems involved.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Identity Manager 11.1.1.7

Identity Manager 11.1.2.3

Identity Manager 12.2.1.3

References

http://www.securityfocus.com/bid/101619
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/alert...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039690
vdb-entryx_refsource_SECTRACK

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.