A severe vulnerability has been uncovered in Oracle Identity Manager that an attacker can use to take remote control of affected systems. Oracle released an advisory on Monday describing the vulnerability and its consequences.
The vulnerability is tracked as CVE-2017-10151 and has been assigned a 10 on the qualitative severity rating scale, which corresponds to “Critical”. It requires no user interaction and can be exploited entirely remotely. Oracle's advisory states:
“This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.”
The vulnerability affects Oracle Identity Manager, a component of Oracle Fusion Middleware. Oracle Identity Manager is an enterprise identity management system used for automatic management of users’ data. According to Oracle’s advisory, the following versions are affected:
188.8.131.52, 184.108.40.206, 220.127.116.11.0, 18.104.22.168.0, 22.214.171.124.0 and 126.96.36.199.0.
In response, Oracle has released patches for Oracle Identity Manager that address the issue. Oracle recommends the following:
“Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by this Security Alert without delay.”
If you run Oracle Identity Manager, install the patches as soon as possible to protect your systems against exploitation attempts.