A highly critical vulnerability has been discovered in Oracle’s enterprise identity management system. The vulnerability affects Oracle Identity Manager (OIM) component of Oracle Fusion Middleware. It can be easily exploited by remote, unauthenticated attackers to take full control over the affected systems. Oracle has not released complete details of the vulnerability in an effort to prevent exploitation in the wild, but here the “default account” could be a secret account with hard-coded or no password.Oracle has released patches for all versions of its affected products, so you are advised to install the patches.
Source: https://thehackernews.com/2017/10/oracle-identity-manager.html