CVE-2026-34286
Oracle · Identity Manager
A vulnerability in the Oracle Identity Manager Connector, exploitable without authentication, permits remote attackers to perform unauthorized operations on critical identity data.
Executive summary
A critical vulnerability in the Oracle Identity Manager Connector, exploitable without authentication, exposes enterprise identity repositories to unauthorized modification and data access.
Vulnerability
An unauthenticated attacker with network access can compromise the Core component of the connector, resulting in unauthorized access or modification of sensitive identity information.
Business impact
With a CVSS score of 9.1, this flaw poses a severe threat to organizational security. Compromising the Identity Manager allows attackers to manipulate user access rights, potentially facilitating further lateral movement or data theft across the entire enterprise.
Remediation
Immediate Action: Install the security updates provided by Oracle for the Identity Manager Connector version 12.2.1.4.0.
Proactive Monitoring: Monitor for unauthorized authentication attempts and suspicious API calls to the Identity Manager Connector component.
Compensating Controls: Restrict inbound HTTPS access to the Identity Manager to verified administrative and application service endpoints.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Administrators must treat this vulnerability with high priority. Patching is essential to maintain the integrity of the identity management infrastructure and prevent unauthorized access to critical organizational data.