- Last update: 23/03/2026
- Affected software: Oracle Identity Manager and Oracle Web Services Manager
- Type: Remote Code Execution (RCE)
- CVE/CVSS: CVE-2026-21992: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vendor Advisory: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21992
This vulnerability is remotely exploitable without authentication. If successfully exploited, it can result in remote code execution. This has a high impact on availability, integrity and confidentiality. The vulnerability is easily exploitable according to Oracle and poses a risk of active exploitation.
Oracle Identity Manager (OIM) is an identity governance platform that automates user lifecycle management across applications and systems. Oracle Web Services Manager (OWSM), installed with an Oracle Fusion Middleware Infrastructure, provides a policy-driven framework for consistently managing and securing web services across the organization.
CVE-2026-21992 affects both the REST WebServices component of OIM and the Web Services Security components of OWSM. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager and Oracle Web Services Manager.
Although this patch was released outside the regular update cycle, the vendor did not report any active exploitation in the wild.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends that organizations upscale their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.