"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager and Oracle Web Services Manager."
"Oracle's Integrated Cyber Center has published a security alert to draw organizations' attention to the patches, but the vendor has not clearly stated whether the flaw has been exploited in the wild."
Oracle released out-of-band updates to address a critical vulnerability, CVE-2026-21992, affecting its Identity Manager and Web Services Manager products. The vulnerability, which has a CVSS score of 9.8, allows unauthenticated attackers to execute code remotely. The affected components are the REST WebServices component of Identity Manager and the Web Services Security component of Web Services Manager. Oracle's Integrated Cyber Center has alerted organizations to the patches, but it remains unclear whether the vulnerability has been exploited in real-world attacks.
Read at SecurityWeek