|
|
|||
| Rule General Information |
|---|
| Release Date: | 2017-12-18 | |
| Rule Name: | Oracle Identity Manager Default Credentials Security Vulnerability - 1 (CVE-2017-10151) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. | |
| Impact: | A remote attacker can easily exploit the vulnerability in the Oracle Identity Manager Default Account component to gain full control of the target system. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html SecurityFocusBID:101619 SecurityTrackerID:1039690 |
|
| Solutions |
|---|
| Oracle has issued a fix. The vendor advisory is available at: http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html |