Oracle pushes emergency fix for critical Identity Manager RCE flaw
Published 2026-3-20 19:2:25 | Author: www.bleepingcomputer.com


Update: Added that Oracle declined to comment on whether the vulnerability has been exploited.

Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992.

Oracle Identity Manager is used for managing identities and access across an enterprise, while Oracle Web Services Manager provides security and management controls for web services.

In an advisory released yesterday, Oracle is "strongly" recommending that customers apply the patches as soon as possible.

"This Security Alert addresses vulnerability CVE-2026-21992 in Oracle Identity Manager and Oracle Web Services Manager. This vulnerability is remotely exploitable without authentication. If successfully exploited, this vulnerability may result in remote code execution," reads the security advisory.

"Oracle strongly recommends that customers apply the updates or mitigations provided by this Security Alert as soon as possible. Oracle always recommends that customers remain on actively-supported versions and apply all Security Alerts and Critical Patch Update security patches without delay."

The CVE-2026-21992 vulnerability has a CVSS v3.1 severity score of 9.8 and impacts Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0, as well as Oracle Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0.

Oracle says the flaw is of low complexity, remotely exploitable over HTTP, and does not require authentication or user interaction, increasing the risk of exploitation on exposed servers.

The fix was released through Oracle's Security Alert program, which delivers out-of-schedule fixes or mitigations for critical or actively exploited vulnerabilities. However, Oracle notes that patches released through this program are only offered for versions under Premier or Extended Support, so older, unsupported versions may remain vulnerable with no fix available.

Oracle has not disclosed whether the vulnerability has been exploited and declined to comment when BleepingComputer asked about its exploitation status.

In a separate blog post published today, Oracle once again noted the severity of CVE-2026-21992 and warned customers to review the security alert for full details and patch information.

Article source: https://www.bleepingcomputer.com/news/security/oracle-pushes-emergency-fix-for-critical-identity-manager-rce-flaw/