Oracle Identity Manager under fire — CISA sounds the alarm.
CISA added a critical Oracle Identity Manager flaw to the Known Exploited Vulnerabilities (KEV) catalogue, citing live attacks. The issue (CVSS ~9.8) enables remote code execution and full takeover of identity infrastructure if left unpatched. Agencies must remediate by the KEV deadline; enterprises should treat OIM as “crown-jewel” identity plumbing and patch or mitigate quickly. Monitor for anomalous admin actions, new accounts, and suspect connectors while rolling out fixes.
When your identity system is vulnerable, everything that relies on it is vulnerable. CISA has dropped Oracle Identity Manager (OIM) into its KEV list after spotting active exploitation of a critical flaw that can hand attackers remote code execution. Translation: fix it, or someone else will fix it for you, permanently.
Why it matters: OIM orchestrates who gets access to what. A compromised OIM can mint accounts, assign roles, and open doors across your environment. That’s why CISA has set a remediation deadline for federal networks; private sector outfits should move in lockstep.
Action plan:
• Patch to the vendor-specified safe versions without delay.
• Lock down consoles to management networks/VPN and enforce MFA for admins.
• Hunt for unusual provisioning events, sudden role explosions, or new connectors.
• Back up configs, then rotate service account credentials tied to OIM.
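The hunting bullet above is easiest to act on with a small detector over OIM audit events. The following is an added example, not Oracle's code or anything from the original post; the event shape (dicts with ts, actor, action, target) and the action names are assumptions, and the sample events are constructed, so a real OIM audit export needs a short adapter to this shape.

```python
from collections import defaultdict

# Constructed sample events (assumed shape): a quiet admin, then one actor
# that creates a connector, assigns many roles within a minute, and mints a user.
EVENTS = [
    {"ts": 1000, "actor": "alice", "action": "ROLE_ASSIGN", "target": "u1"},
    {"ts": 1900, "actor": "alice", "action": "ROLE_ASSIGN", "target": "u2"},
    {"ts": 5000, "actor": "svc_oim", "action": "CONNECTOR_CREATE", "target": "ldap_out"},
    *[{"ts": 5010 + i, "actor": "svc_oim", "action": "ROLE_ASSIGN", "target": f"u{i}"}
      for i in range(12)],
    {"ts": 5100, "actor": "svc_oim", "action": "USER_CREATE", "target": "support_tmp"},
]

def role_bursts(events, window=60, threshold=10):
    """Actors that assign `threshold` or more roles inside any `window` seconds
    (the 'sudden role explosion' hunt). Returns {actor: largest burst size}."""
    by_actor = defaultdict(list)
    for e in events:
        if e["action"] == "ROLE_ASSIGN":
            by_actor[e["actor"]].append(e["ts"])
    hits = {}
    for actor, stamps in by_actor.items():
        stamps.sort()
        lo = 0
        for hi in range(len(stamps)):          # sliding window over sorted timestamps
            while stamps[hi] - stamps[lo] > window:
                lo += 1
            if hi - lo + 1 >= threshold:
                hits[actor] = max(hits.get(actor, 0), hi - lo + 1)
    return hits

def new_connectors(events):
    """Every connector creation is worth a look while the flaw is being patched."""
    return [(e["actor"], e["target"]) for e in events if e["action"] == "CONNECTOR_CREATE"]

def unexpected_account_creates(events, approved_actors):
    """Account creations by anyone outside the known provisioning actors."""
    return [(e["actor"], e["target"]) for e in events
            if e["action"] == "USER_CREATE" and e["actor"] not in approved_actors]

if __name__ == "__main__":
    print(role_bursts(EVENTS))                              # {'svc_oim': 12}
    print(new_connectors(EVENTS))                           # [('svc_oim', 'ldap_out')]
    print(unexpected_account_creates(EVENTS, {"alice"}))    # [('svc_oim', 'support_tmp')]
```

Tune the window and threshold to the normal bulk-provisioning rhythm of your own OIM before alerting on it.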
Identity is an attack multiplier. Close this one fast and review other IAM admin surfaces while you’re there.