Summary
Oracle released an emergency patch for a critical remote code execution vulnerability (CVE-2026-21992) in Identity Manager and Web Services Manager that allows unauthenticated attackers to take over systems.
Take Action:
If you're running Oracle Fusion Middleware , Oracle Identity Manager or Oracle Web Services Manager, this is important and probably urgent. If posssible, isolate the system to trusted networks only and use a Web Application Firewall with custom rules for this endoint. Then patch ASAP, because this flaw will be exploited, very soon.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)