Oracle Identity Manager Critical Vulnerability

Advisory Version: 1.0
Reference: CVE-2017-10151
CVSS v3: 10.0
Affected software: Oracle Identity Manager
Type: HTTP authentication vulnerability



Unauthenticated network access, which may lead to total system compromise.


An easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager (OIM). While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products relying on OIM for user access control. Successful abuse of this vulnerability can result in the takeover of Oracle Identity Manager.

Affected Versions

Oracle Identity Manager, versions,,,,,

Recommended action

Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by the Security Advisory referenced in the sources of this document without delay.