CVE-2017-10151

Published: 30/10/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Vulnerable Product

oracle identity manager 11.1.1.9

oracle identity manager 11.1.2.1.0

oracle identity manager 11.1.2.2.0

oracle identity manager 11.1.1.7

oracle identity manager 11.1.2.3

oracle identity manager 12.2.1.3

Recent Articles

10/10 would patch again: Big Red plasters 'easily exploitable' backdoor in Oracle Identity Manager
The Register • Rebecca Hill • 30 Oct 2017

Remote unauthenticated attack bug gets perfect CVSS score

Oracle is urging users of its enterprise identity management system to apply an emergency update to stomp a bug that allows attackers to take over the system. The bug has been given a CVSS score of 10.0 – or critical – and could allow a remote, unauthorised hacker access to systems. Oracle said the vuln "can result in complete compromise of Oracle Identity Manager via an unauthenticated network attack". Oracle described the flaw as "easily exploitable". It allows "unauthenticated attacker with ...