CVE-2021-2458

7.6 HIGH

📋 TL;DR

This vulnerability in Oracle Identity Manager allows low-privileged attackers with network access via HTTP to compromise the system. Successful exploitation requires human interaction from someone other than the attacker and can lead to unauthorized access to critical data or complete access to all Identity Manager accessible data. Affected versions include 11.1.2.2.0, 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0.

💻 Affected Systems

Products:
  • Oracle Identity Manager
Versions: 11.1.2.2.0, 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0
Operating Systems: Any OS running Oracle Identity Manager
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the Identity Console component. Exploitation requires a low-privileged attacker with network access via HTTP.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of Identity Manager with unauthorized access to all data, potential lateral movement to connected systems, and unauthorized data modification.

🟠 Likely Case

Unauthorized access to sensitive identity data, privilege escalation within Identity Manager, and potential data manipulation.

🟢 If Mitigated

Limited impact due to network segmentation, strong authentication controls, and monitoring that detects suspicious activity.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires low-privileged access and human interaction from another user. Oracle describes the issue as 'easily exploitable'.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply Critical Patch Update for July 2021

Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2021.html

Restart Required: Yes

Instructions:

1. Download the appropriate Critical Patch Update from Oracle Support.
2. Apply the patch following Oracle's patching procedures.
3. Restart the Identity Manager services.
4. Verify the patch was successfully applied.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict network access to Identity Manager to only trusted sources.

Privilege Reduction (applies to: all)

Minimize user privileges and implement least-privilege access.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Enhance monitoring and logging for suspicious Identity Manager activity

🔍 How to Verify

Check if Vulnerable:

Check Oracle Identity Manager version against affected versions list

Check Version:

Check Oracle documentation for version query specific to your deployment

Verify Fix Applied:

Verify patch application through Oracle patch verification tools and check version post-patch

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication patterns
  • Unexpected privilege changes
  • Suspicious Identity Console activity

Network Indicators:

  • Unusual HTTP traffic patterns to Identity Manager endpoints
  • Requests from unexpected sources

SIEM Query:

source="oracle-identity-manager" AND (event_type="privilege_change" OR event_type="unusual_access")
