{"id":226385,"date":"2026-03-22T11:42:00","date_gmt":"2026-03-22T15:42:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/22\/oracle-fixes-critical-rce-flaw-cve-2026-21992-in-identity-manager\/"},"modified":"2026-03-22T12:10:14","modified_gmt":"2026-03-22T16:10:14","slug":"oracle-fixes-critical-rce-flaw-cve-2026-21992-in-identity-manager","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/22\/oracle-fixes-critical-rce-flaw-cve-2026-21992-in-identity-manager\/","title":{"rendered":"Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/189796\/security\/oracle-fixes-critical-rce-flaw-cve-2026-21992-in-identity-manager.html\">Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/189796\/security\/oracle-fixes-critical-rce-flaw-cve-2026-21992-in-identity-manager.html\">https:\/\/securityaffairs.com\/189796\/security\/oracle-fixes-critical-rce-flaw-cve-2026-21992-in-identity-manager.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-22 11:42:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> March 22, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2014\/02\/Oracle.jpg?fit=600%2C337&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Oracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated remote code execution in Identity Manager.<\/h2>\n<p>Oracle released 
security updates to address a critical vulnerability, tracked as CVE-2026-21992 (CVSS score of 9.8), affecting Identity Manager and Web Services Manager.<\/p>\n<p>The flaw lets unauthenticated attackers take control of Oracle Identity Manager and Web Services Manager over HTTP, risking full system compromise with severe impact on data and availability.<\/p>\n<p>\u201cThis Security Alert addresses vulnerability CVE-2026-21992 in Oracle Identity Manager and Oracle Web Services Manager. This vulnerability is remotely exploitable without authentication. If successfully exploited, this vulnerability may result in remote code execution,\u201d reads the advisory.<\/p>\n<p>\u201cOracle strongly recommends that customers apply the updates or mitigations provided by this Security Alert as soon as possible. Oracle always recommends that customers remain on actively-supported versions and apply all Security Alerts and Critical Patch Update security patches without delay.\u201d<\/p>\n<p>The issue is labeled as \u201ceasily exploitable.\u201d<\/p>\n<p>The vulnerability impacts Oracle Web Services Manager and Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0.<\/p>\n<p>Oracle did not reveal whether the vulnerability was exploited in attacks in the wild.<\/p>\n<p>In November 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added\u00a0an Oracle Fusion Middleware\u00a0flaw, tracked as\u00a0CVE-2025-61757\u00a0(CVSS score of 9.8), to its\u00a0Known Exploited Vulnerabilities (KEV) catalog.<\/p>\n<p>The vulnerability is a case of missing authentication for a critical function that can result in pre-authenticated remote code execution. 
The flaw is easily exploitable and allows an unauthenticated attacker with HTTP network access to&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/189796\/security\/oracle-fixes-critical-rce-flaw-cve-2026-21992-in-identity-manager.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager https:\/\/securityaffairs.com\/189796\/security\/oracle-fixes-critical-rce-flaw-cve-2026-21992-in-identity-manager.html Publish Date: 2026-03-22 11:42:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":226386,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2014\/02\/Oracle.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-226385","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226385"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=226385"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226385\/revisions"}],"predecessor-version":[{"id":226387,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226385\/revisions\/226387"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/226386"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp
-json\/wp\/v2\/media?parent=226385"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=226385"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=226385"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}