I have Oracle Identity Manager running in my environment. What's going on? Am I vulnerable?

Recently, we’ve been getting more than a few questions about the Oracle Identity Manager vulnerability (CVE-2017-10151), which Oracle rated with a CVSS base score of 10.0, the highest possible. A base score of 10.0 means the attack can be launched over the network, has low attack complexity, requires no privileges and no user interaction, and has a high impact on confidentiality, integrity, and availability; Oracle’s alert describes the vulnerability as easily exploitable. In other words, an unauthenticated attacker who can reach a vulnerable instance over the network can, if successful, completely compromise Oracle Identity Manager.

Should I be worried about the Oracle Identity Manager vulnerability?

If there is even a small possibility that you are running Oracle Identity Manager in your environment, prioritize detection and remediation at the earliest opportunity: confirm which hosts run it and which versions, and apply the fix from Oracle’s Security Alert for CVE-2017-10151. Then log into your Oracle support account and review the alert for the list of affected versions and the patch details.

How can I tell whether my organization is impacted by the Oracle Identity Manager vuln?

Rapid7 has released coverage for this vulnerability. Log into your instance of InsightVM or Nexpose, make sure you are running the latest version of the product so that the new check is available, and start a vulnerability scan against the hosts that run Oracle Identity Manager. Any scan target that is vulnerable to CVE-2017-10151 will appear in your report with remediation advice.

(Screenshot: InsightVM scan results for a vulnerable target)

If you have any questions about this issue, feel free to comment below. You can also reach out to your CSM or Rapid7 support.

Want to try Rapid7’s most powerful vulnerability management solution? Sign up for a free trial of InsightVM here.