A critical vulnerability in the Oracle Identity Manager Connector exposes the system to full compromise by low-privileged attackers via network-based HTTP exploitation.

The vulnerability resides in the Generic Unix Connector component, allowing an authenticated attacker with low privileges to execute commands or manipulate data through the network.

With a CVSS score of 9.9, this vulnerability poses a severe threat to organizational security. Compromise of the Identity Manager Connector can lead to unauthorized access to connected systems, potentially exposing sensitive identity data and administrative credentials. The scope change indicates that this risk extends beyond the connector itself, impacting the broader infrastructure.

Immediate Action: Apply the critical patch updates for Oracle Fusion Middleware as released by the vendor.

Proactive Monitoring: Monitor Identity Manager logs for anomalous configuration changes or unauthorized execution patterns within the Generic Unix Connector.

Compensating Controls: Restrict network access to the Identity Manager interface to trusted administrative subnets only, effectively limiting the attack surface.

Public Exploit Available: No

Given the critical nature of identity management infrastructure, this vulnerability must be addressed immediately. Security administrators should ensure that all instances of the affected connector are updated to the latest available patch level to prevent unauthorized access and maintain the integrity of identity services.