CVEDB API

Vulnerabilities

Vulnerable Software

Oracle: >> Identity Manager Security Vulnerabilities

CVE-2017-3553

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). The supported version that is affected is 11.1.2.3.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

CVSS Score

9.9

EPSS Score

0.024

Published

2017-04-24

CVE-2016-5506

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server.

CVSS Score

3.1

EPSS Score

0.004

Published

2016-10-25

CVE-2014-2880

Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.

CVSS Score

5.8

EPSS Score

0.084

Published

2014-04-17

Page 3

Vulnerabilities

Vulnerable Software

Oracle: >> Identity Manager Security Vulnerabilities

Products

Pricing

Contact Us