Vulnerability in Oracle Identity Manager of Oracle Fusion Middleware
CVE-2017-3553

9.9CRITICAL

Key Information:

Vendor
Oracle
Status
Identity Manager
Vendor
CVE Published:
24 April 2017

Summary

A vulnerability exists in the Oracle Identity Manager component of Oracle Fusion Middleware, specifically within the Rules Engine subcomponent. This easily exploitable vulnerability enables a low-privileged attacker with network access via HTTP to compromise Oracle Identity Manager. Although the flaw is localized to this component, successful exploitation can have widespread repercussions, potentially affecting other interconnected products. Attackers could gain unauthorized access, leading to a complete takeover of Oracle Identity Manager and significant risks to confidentiality, integrity, and availability.

Affected Version(s)

Identity Manager 11.1.2.3.0

References

http://www.securitytracker.com/id/1038291
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97728
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.