What We Do
How We Do
Resources
Company
Partners
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Get Started
Security advisories

Oracle Identity Manager Vulnerability

February 26, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

Oracle has released a patch for a critical vulnerability affecting Oracle Identity Manager. Unpatched versions of Oracle Identity Manager have a default account that can be accessed over HTTP and used to take control of the identity management system. This vulnerability does not require any end-user interaction and Oracle has described it as being easily exploitable by threat actors.

What you should do:

Additional Information
This vulnerability is tracked as CVE-2017-10151. On the Common Vulnerability Scoring System (CVSS), this vulnerability is rated 10/10.
Affected versions of Oracle Identity Manager include:

For more information please visit:

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html

http://www.securityweek.com/oracle-patches-critical-flaw-identity-manager

View Most Recent Advisories