Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager
2026-3-22 15:37:49 Author: securityaffairs.com


Oracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated remote code execution in Identity Manager.

Oracle released security updates to address a critical vulnerability, tracked as CVE-2026-21992 (CVSS score of 9.8), affecting Identity Manager and Web Services Manager.

The flaw lets unauthenticated attackers over HTTP take control of Oracle Identity Manager and Web Services Manager, risking full system compromise with severe impact on data and availability.

“This Security Alert addresses vulnerability CVE-2026-21992 in Oracle Identity Manager and Oracle Web Services Manager. This vulnerability is remotely exploitable without authentication. If successfully exploited, this vulnerability may result in remote code execution.” reads the advisory.

“Oracle strongly recommends that customers apply the updates or mitigations provided by this Security Alert as soon as possible. Oracle always recommends that customers remain on actively-supported versions and apply all Security Alerts and Critical Patch Update security patches without delay.”

The issue is labeled as “easily exploitable.”

The vulnerability impacts Oracle Web Services Manager and Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0.

Oracle did not reveal if the vulnerability was exploited in attacks in the wild.

In November 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle Fusion Middleware flaw, tracked as CVE-2025-61757 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.

The vulnerability is a missing authentication for a critical function that can result in pre-authenticated remote code execution. The flaw is easily exploitable and allows an unauthenticated attacker with HTTP network access to compromise Identity Manager, enabling a full takeover of the system.

The flaw impacts versions 12.2.1.4.0 and 14.1.2.1.0. Oracle addressed the flaw with the release of Oracle Critical Patch Update Advisory – October 2025.

Adam Kues and Shubham Shah of Assetnote reported the vulnerability.

SANS researcher Johannes B. Ullrich recently reported that an analysis of his organization’s honeypot logs revealed multiple HTTP POST attempts between August 30 and September 9, 2025, targeting the Oracle Identity Manager endpoint associated with CVE-2025-61757. The scans originated from different IPs but used the same user agent, suggesting a single attacker. The 556-byte POST payloads indicate likely exploitation as a zero-day, weeks before Oracle released a patch. Attempts came from 89.238.132[.]76, 185.245.82[.]81, and 138.199.29[.]153.
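The honeypot pattern described above (POSTs to one path, one User-Agent, one fixed body size, several source IPs) can be hunted for in your own web-server logs. The script below is an added example, not code from SANS, Oracle or the author; it assumes a JSON-lines access log with a request-body-size field, uses constructed records, and uses a placeholder path rather than the real Identity Manager endpoint.

```python
import json
from collections import defaultdict

# Constructed JSON-lines access log (not real Oracle or SANS data). The path is a
# placeholder, not the actual Identity Manager endpoint; IPs are documentation ranges.
SAMPLE_LOG = """\
{"ip": "203.0.113.10", "ts": "2025-08-30T02:11:04Z", "method": "POST", "path": "/placeholder/oim/endpoint", "req_bytes": 556, "ua": "Mozilla/5.0 (scanner-x)"}
{"ip": "198.51.100.7", "ts": "2025-09-02T14:40:19Z", "method": "POST", "path": "/placeholder/oim/endpoint", "req_bytes": 556, "ua": "Mozilla/5.0 (scanner-x)"}
{"ip": "192.0.2.44", "ts": "2025-09-09T08:03:55Z", "method": "POST", "path": "/placeholder/oim/endpoint", "req_bytes": 556, "ua": "Mozilla/5.0 (scanner-x)"}
{"ip": "192.0.2.44", "ts": "2025-09-09T08:04:01Z", "method": "GET", "path": "/placeholder/oim/endpoint", "req_bytes": 0, "ua": "Mozilla/5.0 (scanner-x)"}
{"ip": "203.0.113.99", "ts": "2025-09-09T09:00:00Z", "method": "POST", "path": "/placeholder/oim/endpoint", "req_bytes": 1200, "ua": "curl/8.4.0"}
"""

def parse_log(text):
    """Parse JSON-lines records, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # keep sweeping on a corrupt line rather than aborting
    return records

def find_post_clusters(records, min_ips=2):
    """Group POSTs by (path, User-Agent, body size); keep groups hit from >= min_ips IPs.

    Same UA plus same body size from several IPs is the 'single actor' signal the
    honeypot analysis relied on. ISO-8601 UTC timestamps compare correctly as strings.
    """
    groups = defaultdict(lambda: {"ips": set(), "first": None, "last": None})
    for r in records:
        if r.get("method") != "POST":
            continue
        g = groups[(r["path"], r["ua"], r["req_bytes"])]
        g["ips"].add(r["ip"])
        if g["first"] is None or r["ts"] < g["first"]:
            g["first"] = r["ts"]
        if g["last"] is None or r["ts"] > g["last"]:
            g["last"] = r["ts"]
    return {k: {"ips": sorted(g["ips"]), "first": g["first"], "last": g["last"]}
            for k, g in groups.items() if len(g["ips"]) >= min_ips}

if __name__ == "__main__":
    for (path, ua, size), info in find_post_clusters(parse_log(SAMPLE_LOG)).items():
        print(f"{path} ua={ua!r} body={size}B from {len(info['ips'])} IPs "
              f"({info['first']} .. {info['last']})")
```

Point the parser at your real log format and the actual endpoint path from Oracle's advisory; a cluster spanning several IPs with an identical body size is worth correlating with patch status.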


Pierluigi Paganini

(SecurityAffairs – hacking, Oracle Identity Manager)




Source: https://securityaffairs.com/189796/security/oracle-fixes-critical-rce-flaw-cve-2026-21992-in-identity-manager.html