Primary

Context

Oracle Identity Manager and Oracle Web Services Manager Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Oracle Identity Manager and Oracle Web Services Manager, specifically in the REST Web Services and Web Services Security components, respectively. This vulnerability affects versions 12.2.1.4.0 and 14.1.2.1.0. It allows an unauthenticated attacker with network access via HTTP to compromise both Oracle Identity Manager and Oracle Web Services Manager. Successful exploitation can lead to a complete takeover of these services.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users are advised to apply the patches available through the Oracle Fusion Middleware Security Alert program. Instructions for patch availability and installation can be found in the Oracle Fusion Middleware Patch Availability Document on the Oracle Support website.

Added: Mar 20, 2026, 3:34 AM

Updated: Mar 20, 2026, 3:34 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

7.0

remediation

7.7

relevance

4.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

7.0

remediation

7.7

relevance

4.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle Identity Manager and Oracle Web Services Manager Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Oracle Identity Manager

Oracle Web Services Manager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating