A critical vulnerability with a CVSS score of 10.0 has been found in Oracle's enterprise identity management system that can be easily exploited by a remote, unauthenticated attacker to take full control of the affected systems. The vulnerability is tracked as CVE-2017-10151 and affects the Oracle Identity Manager (OIM) component of Oracle Fusion Middleware, an enterprise identity management system that automatically provisions and manages users' access privileges within an enterprise.
The vulnerability is due to a "default account" that an unauthenticated attacker with network access via HTTP can use to compromise Oracle Identity Manager versions 11.1.1.7, 11.1.1.9, 11.1.2.1.0, 11.1.2.2.0, 11.1.2.3.0 and 12.2.1.3.0. Oracle has not released complete details of the vulnerability in an effort to prevent exploitation in the wild, but a "default account" in this context most likely means a built-in account with a hard-coded or empty password, which is why no authentication bypass or exploit chain is needed: whoever can reach the OIM HTTP interface can simply log in.
Oracle has released patches for all affected versions of the product through a Security Alert Advisory, outside its regular quarterly Critical Patch Update cycle, which is itself a signal of how seriously Oracle rates the issue. Administrators are advised to apply the patch immediately, before attackers get the chance to exploit the vulnerability against their enterprise. Until the patch is in place, restricting network access to OIM's HTTP interfaces to the hosts that genuinely need it is the obvious mitigation, and reviewing authentication logs for logins by accounts that no human or integration should be using is a sensible check afterward, since a pre-existing default account may already have been used.
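The first thing a practitioner does with an advisory like this is check an inventory of OIM installs against the affected-version list. The script below is an added example for that triage step; it is not code from the original article or from Oracle. The affected versions are the ones quoted above; the inventory, hostnames and version strings are constructed sample data. The one detail worth getting right is normalization: Oracle writes the same release both as 11.1.1.7 and 11.1.1.7.0, so trailing zeros are stripped before comparison.

```python
"""Triage an inventory of Oracle Identity Manager installs against the
versions Oracle lists as affected by CVE-2017-10151.

Added example, not code from the original article or from Oracle.
SAMPLE_INVENTORY is constructed data; AFFECTED_VERSIONS mirrors the
list quoted in the article.
"""
from typing import Dict, List, Tuple

# Versions named in the article (and in Oracle's Security Alert Advisory).
AFFECTED_VERSIONS = [
    "11.1.1.7", "11.1.1.9", "11.1.2.1.0", "11.1.2.2.0", "11.1.2.3.0", "12.2.1.3.0",
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '11.1.1.7' or '11.1.1.7.0' into a comparable tuple of ints.

    Trailing zeros are stripped so that 11.1.1.7 and 11.1.1.7.0 compare
    equal; Oracle uses both spellings for the same release.
    """
    parts = tuple(int(p) for p in text.strip().split("."))
    while len(parts) > 1 and parts[-1] == 0:
        parts = parts[:-1]
    return parts


# Normalized once so lookups are a set membership test.
AFFECTED = {parse_version(v) for v in AFFECTED_VERSIONS}


def is_affected(version: str) -> bool:
    """True if the given OIM version string is on Oracle's affected list.

    A version that is NOT on the list is not automatically safe: Oracle only
    lists releases it still supports, so an older, unsupported install should
    be treated as a separate (and probably worse) problem.
    """
    return parse_version(version) in AFFECTED


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the hostnames (sorted) whose OIM version needs the patch."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "oim-prod-01.example.internal": "11.1.2.3.0",
    "oim-prod-02.example.internal": "11.1.2.3",     # same release, shorter spelling
    "oim-dev-01.example.internal": "12.2.1.3.0",
    "oim-legacy.example.internal": "11.1.1.5.0",    # not on the list (unsupported)
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: OIM {SAMPLE_INVENTORY[host]} is affected by "
              f"CVE-2017-10151; apply the Security Alert patch")
```

In a real environment the inventory would come from a CMDB export or from the version reported by each WebLogic domain rather than a hard-coded dictionary, but the comparison logic is the same.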