[Vulnerability Alert] Critical Security Vulnerability Found in Oracle Identity Manager and Oracle Web Services Manager (CVE-2026-21992)

Date Posted: 2026/03/26

Subject Explanation: [Vulnerability Alert] Critical Security Vulnerability Found in Oracle Identity Manager and Oracle Web Services Manager (CVE-2026-21992)

Content Description:
- Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202603-00000019
- Recently, Oracle released a critical security advisory for Identity Manager (Component: REST WebServices) and Web Services Manager (Component: Web Services Security) (CVE-2026-21992, CVSS: 9.8). This vulnerability allows an unauthenticated remote attacker to execute arbitrary code.
Impacted Platforms:
- Oracle Identity Manager version 12.2.1.4.0
- Oracle Identity Manager version 14.1.2.1.0
- Oracle Web Services Manager version 12.2.1.4.0
- Oracle Web Services Manager version 14.1.2.1.0
Suggested Measures:
- Please patch according to the solutions released on the official website: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html
References:
1. https://www.twcert.org.tw/tw/cp-169-10796-f9ea4-1.html

Computer and Communication Center
Network Systems Division