Based in Redwood, California, Oracle Corporation is the largest software company whose primary business is database products. Historically, Oracle has targeted high-end workstations and minicomputers as the server platforms to run its database systems. Its relational database was the first to support the SQL language, which has since become the industry standard.
A exploit was found in Oracle’s identity management system. This exploix has been marked as CVE-2017-10151, it has been assigned the highest CVSS score of 10 and is easy to exploit without any user interaction.
This CVE is due to a security loophole involving a default account that allows an unathenticated attacker on the same network to compromise the Oracle Identity Manager through HTTP.
The full details of this vulnerability have not yet been released by Oracle.
“This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials,” Oracle’s advisory reads.
The easily exploitable vulnerability affects Oracle Identity Manager versions 184.108.40.206, 220.127.116.11, 18.104.22.168.0, 22.214.171.124.0, 126.96.36.199.0 and 188.8.131.52.0.
Oracle has already released patches for all versions of the products that were affected by this CVE. all users should update to the latest version of Oracle to patch the vulnerability before a hacker has the chance to exploit it.