Skip to main content

Identity Manager CVE-2017-10151

CRITICAL
2017-10-30 secalert_us@oracle.com
10.0
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 30, 2017 - 20:29 cve.org
CRITICAL 10.0

DescriptionCVE.org

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

AnalysisAI

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.8%.

Technical ContextAI

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Affected products include: Oracle Identity Manager.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-22956 CRITICAL POC
9.8 Apr 13

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth

CVE-2022-22954 CRITICAL POC
9.8 Apr 11

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side templa

CVE-2022-31660 HIGH POC
7.8 Aug 05

VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. Rat

CVE-2022-22960 HIGH POC
7.8 Apr 13

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due t

CVE-2022-22957 HIGH POC
7.2 Apr 13

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities

CVE-2022-31656 CRITICAL POC
9.8 Aug 05

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability aff

CVE-2022-22972 CRITICAL POC
9.8 May 20

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability aff

CVE-2019-2729 CRITICAL POC
9.8 Jun 19

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Rated cr

CVE-2014-2880 MEDIUM POC
5.8 Apr 17

Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.

CVE-2019-11358 MEDIUM POC
6.1 Apr 20

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) becaus

CVE-2017-3553 CRITICAL
9.9 Apr 24

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). Rated c

CVE-2026-35268 CRITICAL
9.9 Jun 16

Account takeover in Oracle Identity Manager 12.2.1.4.0 and 14.1.2.1.0 (Fusion Middleware Core component) allows a low-pr

Share

CVE-2017-10151 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy