Identity Manager
CVE-2017-3553
CRITICAL
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). The supported version that is affected is 11.1.2.3.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
AnalysisAI
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). The supported version that is affected is 11.1.2.3.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Affected products include: Oracle Identity Manager.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Identity Manager
View allVMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side templa
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. Rat
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due t
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability aff
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability aff
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Rated cr
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Rate
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) becaus
Account takeover in Oracle Identity Manager 12.2.1.4.0 and 14.1.2.1.0 (Fusion Middleware Core component) allows a low-pr
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today