Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2017.0183.2 Oracle Security Alert Advisory - Vulnerability in Oracle Fusion Middleware CVE-2017-10151 2 November 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Oracle Identity Manager Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Administrator Compromise -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2017-10151 Member content until: Thursday, November 30 2017 Revision History: November 2 2017: Addressed spelling issues October 31 2017: Initial Release OVERVIEW A vulnerability has been identified in Oracle Identity Manager: Oracle Fusion Middleware versions 11.1.1.7, 11.1.1.9, 11.1.2.1.0, 11.1.2.2.0, 11.1.2.3.0 and 12.2.1.3.0 [1] IMPACT The vendor has provided the following information regarding the vulnerability. "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. " [1] MITIGATION "Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by this Security Alert without delay." [1], [2] REFERENCES [1] Oracle Security Alert Advisory - CVE-2017-10151 http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html [2] Fusion Middleware Patch https://support.oracle.com/rs?type=doc&id=2322316.1 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWfq0Dox+lLeg9Ub1AQgq9w/9GYizNJMZHe0L1um4RYV4FZdQomcJ9enH BNofJaUVx8PsHqGFF60BvGi06iouMtci0tGQJRmS/cR0gWq9xNglkc5uQGNvq961 gsCklCjLYdX7u7ufFRGojh5TxjxKjP6P0qG0yYTjUp2+t/IEa3luMLBFNEawclp8 H+VqkmGTo23GeU3WYaRC1+ZcF4dWwgZyDf3qELZYA5RDlXMYttfoQrE1hI9idJtK 1HG4OT0+XhQRh1huDBncCQhWZlublisECr4cAIHSeDr/wUp2KvkhK/gD9BNzfL1T IMWaoS5JJkGQt9DDlcjaJZ4ccNdeOGOrevFP30WMLTjgnO18TDDrd7qrEEPlG2Ti 3izGGeuW6F6SoymmVNCW6HSinSM6oZwhnvZOtoPlOUcqAl/J3iQHQOyL/oopgKdD pOb2QU5SVCZ0l9CZEdSdAJJgGzREwWgBSpMiQJC7r+wjYrSQoe1+RebXXTTJr6PI avkWM/y9mXa16gf/m08TLd6g+QKdZRuCjDPpCUBKrr6qR/2cvOF3lhALugug3Lsn OsC2GXn2f1UVAf+vUyqmTTF+IDJDSinglvrDezz39pkxAzAm+qLp8ggHeuDaHTz/ TnkcmuUKiV8WUziNiwx6gzOdLIs2Y7sVk6LknI/dxRnSEK99ZiuYJx7DNHq0x9HA Q0HRAefWxY4= =Qc8N -----END PGP SIGNATURE-----