Oracle has issued an urgent security update for its Identity Manager offering and is urging customers to apply the patch immediately.
While the company did not provide full technical details, it warned that the vulnerability has a "CVSS v3 base score of 10.0, and can result in complete compromise of Oracle Identity Manager via an unauthenticated network attack".
A 10 out of 10 CVSS v3 rating is the maximum possible score, indicating the vulnerability is as bad as it gets.
The flaw lies in the Default Account subcomponent of the Oracle Identity Manager.
The US National Institute of Standards and Technology (NIST) said the vulnerability can be easily exploited over the cleartext Hypertext Transfer Protocol (HTTP) used for web access.
A successful attack could not only result in full takeover of Oracle's Identity Manager, but also significantly impact additional products, NIST warned.
The emergency patch comes after last month's regular set of security updates, which included 252 fixes for critical flaws in Oracle's products.
Oracle Identity Manager allows enterprises to manage the user lifecycle across business resources and provides a way to implement corporate policies.