""This vulnerability is remotely exploitable without authentication. If successfully exploited, this vulnerability may result in remote code execution.""
""CVE-2026-21992 affects the following versions - Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0, Oracle Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0.""
""According to a description of the flaw in the NIST National Vulnerability Database (NVD), it's 'easily exploitable' and could allow an unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager.""
""Oracle makes no mention of the vulnerability being exploited in the wild. However, the tech giant has urged customers to apply the update without delay for optimal protection.""
Oracle has issued security updates for a critical vulnerability, CVE-2026-21992, affecting Identity Manager and Web Services Manager. This flaw has a CVSS score of 9.8 and is remotely exploitable without authentication. Successful exploitation could lead to remote code execution. The vulnerability impacts specific versions of Oracle Identity Manager and Web Services Manager. Although there are no reports of active exploitation, Oracle advises customers to apply the updates promptly for protection against potential threats.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]