Tran

**Name of the Vulnerable Software and Affected Versions** Oracle Identity Manager version 12.2.1.3.0 **Description** The issue is related to the Identity Manager product of Oracle Fusion Middleware, specifically the OIM - LDAP user and role Synch component. It allows an unauthenticated attacker with network access via HTTP to compromise Identity Manager, resulting in unauthorized access to critical data or complete access to all Identity Manager accessible data. The vulnerability is easily exploitable and can be used to disclose protected information remotely using the HTTP protocol. **Recommendations** For version 12.2.1.3.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.