Oracle 紧急发布安全更新,修复 Identity Manager 和 Web Services Manager 中的 ...

该漏洞的 CVSS 3.1 基础评分为 9.8,属于 Oracle 风险评估体系中最严重的等级之一。 该漏洞在机密性(Confidentiality)、完整性(Integrity)和可用性(Availability)三个方面的影响均被评为“高”,表明一旦成功利用,攻击者可能完全控制受影响系统。 在 Oracle Identity Manager 中,漏洞存在于 REST Web Services ...
The Hacker News

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle fixes CVE-2026-21992 (CVSS 9.8) flaw enabling unauthenticated RCE via HTTP, risking full system compromise.

Oracle pushes emergency fix for critical Identity Manager RCE flaw

Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992.

Oracle Identity Manager: Out-of-band update against code smuggling vulnerability

Oracle has released an emergency update for Identity Manager and Web Services Manager to close a code smuggling vulnerability ...