Oracle issued an emergency patch for a remote code execution vulnerability in Oracle Identity Manager rated a 10 out of 10 in severity. The vulnerability, CVE-2017-10151, enables an attacker to remotely take over the software without the need for authentication. Oracle said the vulnerability is easily exploitable, and should be addressed immediately. Oracle’s most recent quarterly Critical Patch Update was released on Oct. 17, but this vulnerability was not listed in the update. Oracle patched 1,119 bugs this year compared to 914 last year and 614 in 2015.
Source: https://threatpost.com/emergency-oracle-patch-closes-bug-rated-10-in-severity/128698/