CVE-2017-10151

Name of the Vulnerable Software and Affected Versions Oracle Identity Manager versions 11.1.1.7, 11.1.2.3, 12.2.1.3

Description The issue is related to the use of default system accounts in Oracle Identity Manager, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks can result in the takeover of Oracle Identity Manager and may significantly impact additional products.

Recommendations For versions 11.1.1.7, 11.1.2.3, and 12.2.1.3, consider disabling the use of default system accounts as a temporary workaround until a patch is available. Restrict access to the Oracle Identity Manager component to minimize the risk of exploitation. Avoid using the default system accounts in the affected Oracle Identity Manager component until the issue is resolved.