A vulnerability has been discovered in Oracle Products that could allow for remote code execution.
- Oracle Identity Manager is an identity management product that automates user provisioning, identity administration, and password management, integrated in a comprehensive workflow engine.
- Oracle Web Services Manager is a comprehensive security and policy management framework within Oracle Fusion Middleware that allows enterprises to secure, manage, and monitor web services.
Successful exploitation of this vulnerability could allow for remote code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have less rights on the system could be less impacted than those who operate with administrative user rights.
–
Read More – Cyber Security Advisories – MS-ISAC
