CVE-2026-21992 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 20, 2026
Oracle Identity Manager - Remote Code Execution
Published: March 20, 2026Updated: March 20, 2026Remote Exploitable
Overview
Oracle Identity Manager 12.2.1.4.0 and 14.1.2.1.0 contain a remote code execution vulnerability in REST WebServices and Web Services Security components, letting unauthenticated network attackers fully compromise the system, exploit requires network access via HTTP.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Unauthenticated attackers can fully compromise Oracle Identity Manager and Oracle Web Services Manager, leading to complete system takeover.
Mitigation
Update to the latest available version.
Related Resources
Details
- CVE ID
- CVE-2026-21992
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- undefined
- Status
- new
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H