Unauthenticated Access Vulnerability in Oracle Identity Manager from Oracle
CVE-2017-10151

10CRITICAL

Key Information:

Vendor
Oracle
Status
Identity Manager
Vendor
CVE Published:
30 October 2017

Summary

A vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware allows unauthenticated attackers with network access via HTTP to compromise the system. Affected versions include 11.1.1.7, 11.1.2.3, and 12.2.1.3. Successful exploitation can lead to the takeover of Oracle Identity Manager, posing significant security risks and potential impacts on confidentiality, integrity, and availability. Additional products may be affected due to the interconnected nature of the systems involved.

Affected Version(s)

Identity Manager 11.1.1.7

Identity Manager 11.1.2.3

Identity Manager 12.2.1.3

References

http://www.securityfocus.com/bid/101619
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/alert...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039690
vdb-entryx_refsource_SECTRACK

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.