【資安漏洞預警】Oracle Identity Manager 和 Oracle Web Services Manager 存在重大資安漏洞(CVE-2026-21992)
[Security Vulnerability Alert] Oracle Identity Manager and Oracle Web Services Manager contain a critical cybersecurity vulnerability (CVE-2026-21992)

發布單位:圖資處數位服務組
日期範圍:2026/3/26 ~ 2026/9/26
 
發布單位:圖資處數位服務組
日期範圍:2026/3/26 ~ 2026/9/26
行政 行政公告
全體

轉發 台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202603-00000019

[內容說明]
近日Oracle針對 Identity Manager (元件: REST WebServices)和 Web Services Manager(元件: Web Services Security)發布重大資安公告(CVE-2026-21992,CVSS:9.8),該漏洞允許未經身分驗證的遠端攻擊者可遠端程式碼執行。

[影響平台]
Oracle Identity Manager 12.2.1.4.0版本
Oracle Identity Manager 14.1.2.1.0版本
Oracle Web Services Manager 12.2.1.4.0版本
Oracle Web Services Manager 14.1.2.1.0版本

[建議措施]
根據官方網站釋出的解決方式進行修補: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html

[參考資料]
1. https://www.twcert.org.tw/tw/cp-169-10796-f9ea4-1.html

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202603-00000019

[Content Description]
Oracle recently released a critical cybersecurity advisory (CVE-2026-21992, CVSS: 9.8) for Identity Manager (component: REST WebServices) and Web Services Manager (component: Web Services Security). This vulnerability allows unauthenticated remote attackers to execute remote code.

[Affected Platforms]
Oracle Identity Manager version 12.2.1.4.0
Oracle Identity Manager version 14.1.2.1.0
Oracle Web Services Manager version 12.2.1.4.0
Oracle Web Services Manager version 14.1.2.1.0

[Recommended Actions]
Patch the issue according to the solutions released on the official website: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html

[References]
1. https://www.twcert.org.tw/tw/cp-169-10796-f9ea4-1.html


相關附件
system_update_alt官方網站
system_update_alt參考資料
【返回上頁】
Top↑