
Highly Critical Flaw (CVSS Score 10) Lets Hackers Hijack Oracle Identity Manager

November 1, 2017

By: Sikur


by Swati Khandelwal

October 30, 2017

A highly critical vulnerability has been discovered in Oracle’s enterprise identity management system that can be easily exploited by remote, unauthenticated attackers to take full control over the affected systems.

The critical vulnerability, tracked as CVE-2017-10151, has been assigned the highest CVSS score of 10 and is easy to exploit without any user interaction, Oracle said in its advisory published Monday, without revealing many details about the issue.

The vulnerability affects the Oracle Identity Manager (OIM) component of Oracle Fusion Middleware, an enterprise identity management system that automatically manages users’ access privileges within enterprises.

The security loophole is due to a “default account” that an unauthenticated attacker on the same network can access via HTTP to compromise Oracle Identity Manager.

Oracle has not released complete details of the vulnerability in an effort to prevent exploitation in the wild, but here the “default account” could be a secret account with hard-coded or no password.

MORE: https://thehackernews.com/2017/10/oracle-identity-manager.html
