Authorization Flaw in Oracle Fusion Middleware's Identity Manager
CVE-2021-2458

7.6 HIGH

Key Information:

Vendor: Oracle
CVE Published: 21 July 2021

Summary

A significant vulnerability has been identified in the Identity Manager component of Oracle Fusion Middleware. It allows a low-privileged attacker with network access via HTTP to compromise Identity Manager. Exploitation requires human interaction from a user other than the attacker. Although the vulnerability is confined to Identity Manager, its consequences can be far-reaching and may impact other associated products. Successful exploitation can grant unauthorized access to sensitive data and allow an attacker to update, insert, or delete crucial information, putting data at risk of loss and compromising its integrity. Effective security measures are essential to safeguard against such vulnerabilities.

Affected Version(s)

Identity Manager 11.1.2.2.0

Identity Manager 11.1.2.3.0

Identity Manager 12.2.1.3.0

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
