VMVirtualMachine.com

Oracle Patches Critical CVE-2026-21992 Allowing Unauthenticated RCE in Identity Manager

By The Hacker News
Publication Date: 2026-03-21 10:24:00

Ravie Lakshmanan | March 21, 2026 | Vulnerability / Threat Intelligence

Oracle has released security updates to address a critical security vulnerability in Identity Manager and Web Services Manager that could be exploited for remote code execution.

The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0.

“This vulnerability can be exploited remotely without authentication,” Oracle said in an advisory. “If successfully exploited, this vulnerability could lead to remote code execution.”

CVE-2026-21992 affects the following versions:

  • Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0
  • Oracle Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0

According to a description of the vulnerability in the NIST National Vulnerability Database (NVD), it is “easily exploitable” and could allow an unauthenticated attacker with network access over HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. This in turn can result in…
