November 2017

Identity Divorces Security…Again—The Oracle Edition

By | Date posted: November 14, 2017

Oracle recently released a Security Alert Advisory regarding a newly identified – and soon thereafter patched – vulnerability within Oracle’s Identity Manager, a user identity validation tool for granting access to enterprise systems.

The bug referred to by Threatpost’s Michael Mimoso as one that’s “as bad as it gets,” scored a 10 on the CVSS score – the highest severity possible. As explained via NIST’s National Vulnerability Database, the vulnerability is “easily exploitable” and “can result in a takeover of Oracle Identity Manager.”

Read more