Last week, Oracle released an out-of-cycle security advisory (CVE-2017-10151) for a vulnerability that affects Oracle Identity Manager. The vulnerability allows attackers to access Oracle Identity Manager using a built-in account (OIMINTERNAL) whose default password is set to a single space character.
This highly privileged account allows attackers to completely compromise Oracle Identity Manager.
Mitigation with attack signatures
ASM users are encouraged to configure the following user-defined attack signature to detect exploitation attempts of this vulnerability: