Vulnerability in Oracle Identity Manager of Oracle Fusion Middleware
CVE-2017-3553

9.9CRITICAL

Key Information:

Vendor

Oracle
Status
Identity Manager
Vendor
CVE Published:
24 April 2017

What is CVE-2017-3553?

A vulnerability exists in the Oracle Identity Manager component of Oracle Fusion Middleware, specifically within the Rules Engine subcomponent. This easily exploitable vulnerability enables a low-privileged attacker with network access via HTTP to compromise Oracle Identity Manager. Although the flaw is localized to this component, successful exploitation can have widespread repercussions, potentially affecting other interconnected products. Attackers could gain unauthorized access, leading to a complete takeover of Oracle Identity Manager and significant risks to confidentiality, integrity, and availability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Identity Manager 11.1.2.3.0

References

http://www.securitytracker.com/id/1038291
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97728
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.