CVE-2018-3179

Name of the Vulnerable Software and Affected Versions Oracle Identity Manager versions 11.1.2.3.0 through 12.2.1.3.0

Description The issue is related to insufficient access control in the Advanced Console component of Oracle Identity Manager. This can be exploited by a remote attacker to gain unauthorized access to protected data or cause a denial of service using the HTTP protocol. The vulnerability can result in unauthorized read access to a subset of Oracle Identity Manager accessible data and the ability to cause a partial denial of service of Oracle Identity Manager.

Recommendations For versions 11.1.2.3.0 and 12.2.1.3.0, consider restricting access to the Advanced Console component until a patch is available. As a temporary workaround, consider disabling the use of the HTTP protocol for the Advanced Console component to minimize the risk of exploitation. Restrict network access to the Oracle Identity Manager component to minimize the risk of unauthorized access.