Oracle Identity Manager (OIM), an enterprise identity management system that automates the provisioning and management of users' access privileges, is affected by a critical vulnerability that allows an attacker to compromise the system remotely over the network with little effort.
Oracle's advisory tracks the vulnerability as CVE-2017-10151 and assigns it a CVSS v3 base score of 10.0, the maximum. The flaw is easy to exploit and requires no user interaction: an unauthenticated attacker with HTTP access to the server can log in to a "default account" and fully compromise Oracle Identity Manager.
Oracle has not published technical details of the vulnerability, to avoid handing attackers a ready-made exploit. The advisory does name the affected versions: 11.1.1.7.0, 11.1.1.9.0, 11.1.2.2.0, 11.1.2.3.0, 12.2.1.2.0 and 12.2.1.3.0.
Oracle has released patches for all affected versions. Administrators are strongly advised to apply them promptly, since an unauthenticated, network-reachable flaw in an identity system exposes every application that relies on it for access control.