Oracle Warns of Critical Unauthenticated RCE in Identity Manager and Web Services Manager
Oracle issued an out-of-band Security Alert for CVE-2026-21992, a critical unauthenticated remote code execution flaw affecting Oracle Fusion Middleware deployments that use Oracle Identity Manager and Oracle Web Services Manager. The vulnerability carries a CVSS 3.1 score of 9.8 and can be exploited remotely over the network with low complexity and no user interaction, raising particular concern for internet-facing systems.
Oracle said the flaw affects the REST Web Services component in Oracle Identity Manager and the Web Services Security module in Oracle Web Services Manager. Successful exploitation could result in full system compromise, including credential theft and lateral movement, and the company urged customers to apply available patches immediately. Oracle also warned that organizations running unsupported versions should upgrade to supported releases, as fixes are only provided under Premier Support or Extended Support.
Timeline
Mar 20, 2026
Oracle revises the CVE-2026-21992 security alert
Oracle updated its security alert for CVE-2026-21992, revising the advisory after the initial release. The alert continued to warn that the remotely exploitable flaw could enable full system compromise, including credential theft and lateral movement.
Mar 18, 2026
Oracle releases security alert for CVE-2026-21992
Oracle issued an out-of-band Security Alert for CVE-2026-21992, a critical unauthenticated remote code execution flaw affecting Oracle Identity Manager and Oracle Web Services Manager in Fusion Middleware. Oracle urged customers to apply available patches immediately and noted that unsupported versions must be upgraded to supported releases to receive fixes.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Sources
3 more from sources like the hacker news, cyber security news and oracle product advisories
Related Stories
Active Exploitation of Critical Oracle Identity Manager Vulnerability
A critical vulnerability in Oracle Identity Manager, identified as CVE-2025-61757 and rated 9.8 on the CVSS scale, is being actively exploited by threat actors. The flaw affects Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0, allowing unauthenticated attackers to remotely execute code via the Oracle REST Web Services component. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about ongoing exploitation, and researchers from Searchlight Cyber have detailed how attackers can bypass authentication by appending specific strings such as `?WSDL` or `;.wadl` to REST endpoints. Organizations using affected Oracle Identity Manager versions are urged to apply the vendor's recent patches immediately to mitigate the risk of compromise. The vulnerability's active exploitation highlights the importance of timely patch management and monitoring for unusual activity on exposed Oracle REST Web Services endpoints. Security teams should review their systems for signs of unauthorized access and ensure that all mitigations recommended by Oracle and CISA are implemented without delay.
1 months ago
Critical RCE Vulnerability in Oracle Fusion Middleware (CVE-2025-61757)
A critical vulnerability, CVE-2025-61757, has been identified in Oracle Fusion Middleware's Identity Manager component, allowing remote, unauthenticated attackers to achieve arbitrary remote code execution. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation and urging all organizations, especially those in the federal sector, to prioritize remediation. The affected versions include Oracle Identity Manager 12.2.1.4.0 and 14.1.2.1.0, and exploitation could result in complete system compromise. Security researchers recommend immediate upgrades to patched versions to mitigate risk. Tools such as runZero can assist organizations in identifying vulnerable Oracle Identity Manager installations using queries like `vendor:="Oracle" product:="Identity Manager"`. CISA's Binding Operational Directive 22-01 mandates federal agencies to remediate KEV-listed vulnerabilities by specified deadlines, but all organizations are strongly encouraged to address this critical issue promptly to reduce exposure to active threats.
1 months ago
Oracle Identity Manager Connector Flaws Expose Critical Data to Unauthenticated Attackers
Oracle disclosed three high-severity vulnerabilities in the Oracle Identity Manager Connector component of Oracle Fusion Middleware, tracked as **`CVE-2026-34285`**, **`CVE-2026-34286`**, and **`CVE-2026-34287`**. The flaws affect supported version **`12.2.1.4.0`** and are described as easily exploitable by unauthenticated attackers with network access over **HTTPS**, including issues in the product's **Core** component. Successful exploitation could allow attackers to create, delete, or modify critical data and gain unauthorized access to sensitive information, including potentially complete access to all data reachable through the Oracle Identity Manager Connector. Oracle assigned each vulnerability a **CVSS v3.1 score of 9.1**, citing high confidentiality and integrity impact with no availability impact, and referenced the issues in its **Critical Patch Update** advisory.
2 weeks ago