
[CIVN-2026-0155] Remote Code Execution Vulnerability in Oracle Identity Manager and Oracle Web Services Manager
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0
Oracle Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0
Overview
A critical vulnerability has been reported in Oracle Identity Manager and Oracle Web Services Manager, which may allow a remote attacker to execute arbitrary code on the targeted system.
Target Audience:
All end-user organizations and individuals using affected Oracle Identity Manager and Oracle Web Services Manager.
Risk Assessment:
High risk of unauthorized access, remote system takeover, and privilege escalation.
Impact Assessment:
Potential for complete system takeover, unauthorized access to sensitive data, and disruption of services.
Description
Oracle Identity Manager (OIM) and Oracle Web Services Manager (OWSM) are components of Oracle Fusion Middleware used for identity governance and web service security.
This vulnerability exists in Oracle Identity Manager (REST WebServices) and Oracle Web Services Manager (Web Services Security) due to improper handling of unauthenticated HTTP requests. An attacker could exploit this vulnerability by sending crafted requests over the network to the affected system, without requiring authentication.
Successful exploitation could allow a remote attacker to execute arbitrary code on the targeted system.
Solution
Apply appropriate security updates as mentioned in
https://www.oracle.com/security-alerts/alert-cve-2026-21992.html
Vendor Information
Oracle
https://www.oracle.com/security-alerts/alert-cve-2026-21992.html
References
https://www.oracle.com/security-alerts/alert-cve-2026-21992.html
CVE Name
CVE-2026-21992
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


