Oracle rushes out emergency patch for Identity Manager

Update now to plug 10/10 severity vulnerability.

Oracle has issued an urgent security update for its Identity Manager offering and is urging customers to apply the patch immediately.

While the company did not provide full technical details, it warned that the vulnerability has a "CVSS v3 base score of 10.0, and can result in complete compromise of Oracle Identity Manager via an unauthenticated network attack".

A 10 out of 10 CVSS v3 rating indicates the vulnerability is as bad as it gets.

The flaw lies in the Default Account subcomponent of the Oracle Identity Manager.

The US National Institute of Standards and Technology (NIST) said the vulnerability can be easily exploited over the cleartext Hypertext Transfer Protocol (HTTP) used for web access.

A successful attack could not only result in full takeover of Oracle's Identity Manager, but also significantly impact additional products, NIST warned.

The emergency patch comes after last month's regular set of security updates, which included 252 fixes for critical flaws in Oracle's products.

Oracle Identity Manager allows enterprises to manage the user lifecycle across business resources and provides a way to implement corporate policies.

Copyright © iTnews.com.au . All rights reserved.