{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Oracle Fusion Middleware Identity Manager und Web Services Manager ausnutzen, um beliebigen Programmcode auszuführen, was möglicherweise zu einer vollständigen Kompromittierung und Übernahme des Systems führen kann.", "title" : "Angriff" }, { "category" : "general", "text" : "- Sonstiges\n- UNIX\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-0807 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0807.json" }, { "category" : "self", "summary" : "WID-SEC-2026-0807 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0807" }, { "category" : "external", "summary" : "Oracle Security Alert Advisory - CVE-2026-21992 vom 2026-03-19", "url" : "https://www.oracle.com/security-alerts/alert-cve-2026-21992.html" } ], "source_lang" : "en-US", "title" : "Oracle Fusion Middleware (Identity Manager und Web Services Manager): Schwachstelle ermöglicht Codeausführung", "tracking" : { "current_release_date" : "2026-03-19T23:00:00.000+00:00", "generator" : { "date" : "2026-03-20T11:13:07.639+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.5.0" } }, "id" : "WID-SEC-W-2026-0807", "initial_release_date" : "2026-03-19T23:00:00.000+00:00", "revision_history" : [ { "date" : "2026-03-19T23:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" } ], "status" : "final", "version" : "1" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "Identity Manager <12.2.1.4.0", "product" : { "name" : "Oracle Fusion Middleware Identity Manager <12.2.1.4.0", "product_id" : "T051975" } }, { "category" : "product_version", "name" : "Identity Manager 12.2.1.4.0", "product" : { "name" : "Oracle Fusion Middleware Identity Manager 12.2.1.4.0", "product_id" : "T051975-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:oracle:fusion_middleware:identity_manager__12.2.1.4.0" } } }, { "category" : "product_version_range", "name" : "Web Services Manager <12.2.1.4.0", "product" : { "name" : "Oracle Fusion Middleware Web Services Manager <12.2.1.4.0", "product_id" : "T051976" } }, { "category" : "product_version", "name" : "Web Services Manager 12.2.1.4.0", "product" : { "name" : "Oracle Fusion Middleware Web Services Manager 12.2.1.4.0", "product_id" : "T051976-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:oracle:fusion_middleware:web_services_manager__12.2.1.4.0" } } }, { "category" : "product_version_range", "name" : "Identity Manager <14.1.2.1.0", "product" : { "name" : "Oracle Fusion Middleware Identity Manager <14.1.2.1.0", "product_id" : "T051977" } }, { "category" : "product_version", "name" : "Identity Manager 14.1.2.1.0", "product" : { "name" : "Oracle Fusion Middleware Identity Manager 14.1.2.1.0", "product_id" : "T051977-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:oracle:fusion_middleware:identity_manager__14.1.2.1.0" } } }, { "category" : "product_version_range", "name" : "Web Services Manager <14.1.2.1.0", "product" : { "name" : "Oracle Fusion Middleware Web Services Manager <14.1.2.1.0", "product_id" : "T051978" } }, { "category" : "product_version", "name" : "Web Services Manager 14.1.2.1.0", "product" : { "name" : "Oracle Fusion Middleware Web Services Manager 14.1.2.1.0", "product_id" : "T051978-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:oracle:fusion_middleware:web_services_manager__14.1.2.1.0" } } } ], "category" : "product_name", "name" : "Fusion Middleware" } ], "category" : "vendor", "name" : "Oracle" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-21992", "product_status" : { "known_affected" : [ "T051978", "T051976", "T051977", "T051975" ] }, "release_date" : "2026-03-19T23:00:00.000+00:00", "title" : "CVE-2026-21992" } ] }