Critical Vulnerability in Oracle Products
23 March 2026
Oracle has released security updates to address a critical vulnerability in Oracle Web Services Manager and Identity Manager. Users and administrators of affected products are advised to update to the latest versions immediately.
Background
Oracle has released security updates to address a critical vulnerability (CVE-2026-21992) in Oracle Web Services Manager and Identity Manager. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.
Impact
The critical vulnerability can be exploited remotely over HTTP by an unauthenticated attacker, with low attack complexity and no user interaction required. Successful exploitation may allow the attacker to execute arbitrary code on affected systems, leaving exposed enterprise identity management and web services infrastructure susceptible to compromise.
Affected Products
The vulnerability affects Oracle Web Services Manager and Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0.
Mitigation
Users and administrators of affected products are advised to update to the latest versions immediately.
References
https://www.oracle.com/security-alerts/alert-cve-2026-21992.html
https://nvd.nist.gov/vuln/detail/CVE-2026-21992
https://thehackernews.com/2026/03/oracle-patches-critical-cve-2026-21992.html
