[Security Vulnerability Alert] Oracle Identity Manager and Oracle Web Services Manager contain a critical cybersecurity vulnerability (CVE-2026-21992)

[Security Vulnerability Alert] Oracle Identity Manager and Oracle Web Services Manager contain a critical cybersecurity vulnerability (CVE-2026-21992)

2026/3/26 ～ 2026/9/26

View Count：59

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202603-00000019

[Content Description]
Oracle recently released a critical cybersecurity advisory (CVE-2026-21992, CVSS: 9.8) for Identity Manager (component: REST WebServices) and Web Services Manager (component: Web Services Security). This vulnerability allows unauthenticated remote attackers to execute remote code.

[Affected Platforms]
Oracle Identity Manager version 12.2.1.4.0
Oracle Identity Manager version 14.1.2.1.0
Oracle Web Services Manager version 12.2.1.4.0
Oracle Web Services Manager version 14.1.2.1.0

[Recommended Actions]
Patch the issue according to the solutions released on the official website: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html

[References]
1. https://www.twcert.org.tw/tw/cp-169-10796-f9ea4-1.html

[Security Vulnerability Alert] Oracle Identity Manager and Oracle Web Services Manager contain a critical cybersecurity vulnerability (CVE-2026-21992)

2026/3/26 ～ 2026/9/26

View Count：59

Files

官方網站

參考資料

【Back】

[Security Vulnerability Alert] Oracle Identity Manager and Oracle Web Services Manager contain a critical cybersecurity vulnerability (CVE-2026-21992)

2026/3/26 ～ 2026/9/26

View Count：59

Files

system_update_alt官方網站

system_update_alt參考資料

【Back】

官方網站

參考資料