CVE-2017-10151

4 documents4 sources
Severity
10.0CRITICAL
EPSS
13.8%
top 5.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Identity ManagerOracle Identity Manager
Timeline
PublishedOct 30
Latest updateMay 13

Description

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of O

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

NVDoracle/identity_manager6 versions+5
CVEListV5oracle_corporation/identity_manager11.1.1.7, 11.1.2.3, 12.2.1.3+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-43m9-2x7c-hp86: Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account)2022-05-13
CVEList
CVE-2017-10151: Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account)2017-10-30

🔍Detection Rules

1
Suricata
ET EXPLOIT Possible Oracle Identity Manager Attempt to Logon with default account2017-11-01
CVE-2017-10151 (CRITICAL CVSS 10) | Vulnerability in the Oracle Identit | cvebase.io