PT-2020-1306 · Oracle · Oracle Identity Manager

Tom +1 · Published 2020-01-14 · Updated 2022-10-17 · CVE-2020-2728

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Identity Manager version 12.2.1.3.0

Description

The issue is related to the Identity Manager product of Oracle Fusion Middleware, specifically the OIM - LDAP user and role Synch component. It allows an unauthenticated attacker with network access via HTTP to compromise Identity Manager, resulting in unauthorized access to critical data or complete access to all Identity Manager accessible data. The vulnerability is easily exploitable and can be used to disclose protected information remotely using the HTTP protocol.

Recommendations

For version 12.2.1.3.0, there is currently no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2020-00206
CVE-2020-2728

Affected Products

Oracle Identity Manager