CIS Advisories

A Vulnerability in Oracle Products Could Allow for Remote Code Execution

2026-03-23 · Read original ↗

ATT&CK techniques detected

2 predictions

T1078.001Default Accounts

92%

": perform periodic external penetration tests based on program requirements, no less than annually. external penetration testing must include enterprise and environmental reconnaissance to detect exploitable information. penetration testing requires specialized skills and experie…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1190Exploit Public-Facing Application

82%

", versions 12. 2. 1. 4. 0, 14. 1. 2. 1. 0 - oracle web services manager, versions 12. 2. 1. 4. 0, 14. 1. 2. 1. 0 risk : government : businesses : home users : technical summary : a vulnerability has been discovered in oracle products that could allow for remote code execution. de…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

Summary

A vulnerability has been discovered in Oracle Products that could allow for remote code execution.

Oracle Identity Manager is an identity management product that automates user provisioning, identity administration, and password management, integrated in a comprehensive workflow engine.
Oracle Web Services Manager is a comprehensive security and policy management framework within Oracle Fusion Middleware that allows enterprises to secure, manage, and monitor web services.

Successful exploitation of this vulnerability could allow for remote code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have less rights on the system could be less impacted than those who operate with administrative user rights.