wid-sec-w-2026-0807 · Published 2026-03-19 · View on BSI CERT-Bund ↗

Oracle Fusion Middleware (Identity Manager and Web Services Manager): Vulnerability allows Code execution

CVSS 9.8 CRITICAL

Risk Summary

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Oracle Fusion Middleware Identity Manager und Web Services Manager ausnutzen, um beliebigen Programmcode auszuführen, was möglicherweise zu einer vollständigen Kompromittierung und Übernahme des Systems führen kann.

CVEs (1)

CVE-2026-21992

Affected Vendors

Oracle

Affected Products (8)

Oracle · Fusion Middleware Identity Manager <12.2.1.4.0

Oracle · Fusion Middleware Identity Manager 12.2.1.4.0

Oracle · Fusion Middleware Web Services Manager <12.2.1.4.0

Oracle · Fusion Middleware Web Services Manager 12.2.1.4.0

Oracle · Fusion Middleware Identity Manager <14.1.2.1.0

Oracle · Fusion Middleware Identity Manager 14.1.2.1.0

Oracle · Fusion Middleware Web Services Manager <14.1.2.1.0

Oracle · Fusion Middleware Web Services Manager 14.1.2.1.0

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more