enterprise software giant Oracle issued a huge warning about a critical vulnerability in the company’s Oracle Identity Manager. The software giant urges its users to consider an emergency update to fix a bug that allows attackers to gain full control over the software system. Oracle made the big announcement this week.
According to Security Boulevard, the latest security issue could allow an attacker with network access to compromise the Oracle Identity Manager (OIM) application and gain full control over the user management system. The newly discovered system vulnerability, which Oracle described as “easily exploitable,” received a base severity score of 10.0 or critical stage.
The affected versions of the company’s Oracle Identity Manager are the following: version 12.2.1.3.0, version 11.1.2.3.0, version 11.1.2.2.0, version 11.1.2.1.0, version, 11.1.1.9, and version 11.1.1.7.
About Oracle Identity Manager software
For starters, Oracle Identity Manager (OIM) is part of the company’s Fusion Middleware suite of business applications and enables enterprise companies to manage the entire user life-cycle across all if the company's enterprise resources. The system provides users provisioning and management, which allow companies to add new accounts for their employees, audit their users, and even enforce access control policies.
Originally, OIM was developed based on the needs of the enterprise businesses.
OIM was earlier a Thor Technologies product but was integrated into Oracle’s offerings after the software giant acquired the original software maker, Thor Technologies, in 2005.
About the latest software vulnerability
Fortunately, the enterprise software giant has managed to make some good recommendations for those affected Oracle customers.
In a recent blog post, the company urged its affected customers to apply the workaround instructions and fixes associated with the reported Security Alert immediately. Eric Maurice, Oracle's director of security assurance, has posted the workaround instructions. To learn more about the severity of the bug and the available update, affected customers are strongly advised to visit the company’s official website,
The OIM is a very critical part of the company’s applications.
The software system is used by IT employees to gain access to enterprise applications. This is the big reason why their security is very important for most companies. To counter the latest security threat, Oracle has decided to publish a Security Alert instead of waiting for the company's quarterly Critical Patch Update. Oracle’s regular update is expected to arrive next year, on January 16, 2018.