CVE-2020-2729

Name of the Vulnerable Software and Affected Versions Oracle Identity Manager versions 11.1.2.3.0 through 12.2.1.3.0

Description The issue is related to inadequate access control in the Advanced Console component of Oracle Identity Manager. It can be exploited by a remote attacker to compromise the integrity of data or disclose protected information via the HTTP protocol. Successful attacks may result in unauthorized access to update, insert, or delete some Identity Manager data, as well as unauthorized read access to a subset of Identity Manager data.

Recommendations For versions 11.1.2.3.0 and 12.2.1.3.0, consider restricting access to the Advanced Console component until a patch is available. As a temporary workaround, limit network access via HTTP to the Identity Manager to minimize the risk of exploitation.