Oracle Resolves Critical RCE Vulnerability in Identity Manager

Oracle Resolves Critical RCE Vulnerability in Identity Manager

Posted on By CWS

Oracle has issued critical security patches to rectify a serious vulnerability in its Identity Manager and Web Services Manager, potentially allowing remote code execution. This vulnerability, identified as CVE-2026-21992, boasts a near-maximum CVSS score of 9.8, highlighting its severity and ease of exploitation.

Details of the Vulnerability

The flaw affects Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0, alongside Oracle Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0. Notably, this issue can be exploited remotely without requiring authentication, enabling attackers to execute arbitrary code on vulnerable systems.

The National Institute of Standards and Technology’s National Vulnerability Database (NVD) describes this flaw as “easily exploitable,” capable of allowing an unauthenticated attacker with network access via HTTP to gain control over affected instances.

Immediate Action Urged

Oracle has not reported any active exploitation of this vulnerability in the wild. However, the company is strongly advising its customers to apply the patches promptly to mitigate potential risks. Ensuring systems are updated is crucial in safeguarding against unauthorized access and potential data breaches.

This security update is part of Oracle’s ongoing commitment to maintaining the integrity and security of its software products, emphasizing the importance of regular system updates.

Previous Vulnerabilities and Industry Response

In a related security advisory, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) previously included another critical vulnerability, CVE-2025-61757, in the Known Exploited Vulnerabilities (KEV) catalog. This flaw, affecting Oracle Identity Manager, had already shown evidence of active exploitation, reinforcing the need for continuous vigilance and timely updates.

These incidents underscore the persistent threats faced by organizations in the digital age, highlighting the essential nature of robust cybersecurity measures and proactive vulnerability management strategies.

As cyber threats evolve, Oracle’s proactive approach to vulnerability management will remain a key factor in protecting its extensive user base from emerging security challenges.

The Hacker News Tags:, , , , , , , , , ,

Related Posts

Malicious NuGet Package Targets Financial Sector Malicious NuGet Package Targets Financial Sector The Hacker News
Why Your AI Security Tools Are Only as Strong as the Data You Feed Them Why Your AI Security Tools Are Only as Strong as the Data You Feed Them The Hacker News
[Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them [Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them The Hacker News
Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts The Hacker News
China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware The Hacker News
6M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More The Hacker News