#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

Oracle Fusion Middleware | Breaking Cybersecurity News | The Hacker News

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

Nov 29, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday  added  a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities ( KEV ) Catalog, citing evidence of active exploitation. The vulnerability, tracked as  CVE-2021-35587 , carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. Successful exploitation of the remote command execution bug could enable an unauthenticated attacker with network access to completely compromise and take over Access Manager instances. "It may give the attacker access to OAM server, to create any user with any privileges, or just get code execution in the victim's server," Vietnamese security researcher Nguyen Jang ( Janggggg ), who reported the bug alongside  peterjson ,  noted  earlier this March. The issue was addressed by Oracle as part of its  Critical Patch Update  in January 2022. Additional details regarding the natu
Highly Critical Flaw (CVSS Score 10) Lets Hackers Hijack Oracle Identity Manager

Highly Critical Flaw (CVSS Score 10) Lets Hackers Hijack Oracle Identity Manager

Oct 31, 2017
A highly critical vulnerability has been discovered in Oracle's enterprise identity management system that can be easily exploited by remote, unauthenticated attackers to take full control over the affected systems. The critical vulnerability tracked as CVE-2017-10151, has been assigned the highest CVSS score of 10 and is easy to exploit without any user interaction, Oracle said in its advisory  published Monday without revealing many details about the issue. The vulnerability affects Oracle Identity Manager (OIM) component of Oracle Fusion Middleware—an enterprise identity management system that automatically manages users' access privileges within enterprises. The security loophole is due to a "default account" that an unauthenticated attacker over the same network can access via HTTP to compromise Oracle Identity Manager. Oracle has not released complete details of the vulnerability in an effort to prevent exploitation in the wild, but here the "def
cyber security

external linkTraditional App Security is No Longer Enough

websitewww.nonamesecurity.comAPI Security
When it comes to ensuring the security of your APIs, there are four critical capabilities.
Cybersecurity Resources