[Vulnerability Alert] Critical Security Vulnerability Found in Oracle Identity Manager and Oracle Web Services Manager (CVE-2026-21992)

• Subject Explanation: [Vulnerability Alert] Critical Security Vulnerability Found in Oracle Identity Manager and Oracle Web Services Manager (CVE-2026-21992)

• Content Description:
  • Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202603-00000019
  • Recently, Oracle released a critical security advisory for Identity Manager (Component: REST WebServices) and Web Services Manager (Component: Web Services Security) (CVE-2026-21992, CVSS: 9.8). This vulnerability allows an unauthenticated remote attacker to execute arbitrary code.
• Impacted Platforms:
  • Oracle Identity Manager version 12.2.1.4.0
  • Oracle Identity Manager version 14.1.2.1.0
  • Oracle Web Services Manager version 12.2.1.4.0
  • Oracle Web Services Manager version 14.1.2.1.0
• Suggested Measures:
  • Please patch according to the solutions released on the official website: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html
• References:
  1. https://www.twcert.org.tw/tw/cp-169-10796-f9ea4-1.html

Computer and Communication Center
Network Systems Division