RCE vulnerability - Mochiai.blog

Oracle OIM zero‑day: Pre‑auth RCE forces rapid patching across enterprises

By Shweta Sharma
November 24, 2025

Researchers found that appending query strings like “?WSDL” or path parameters like “;.wadl” to protected endpoints ( like “/iam/governance/applicationmanagement/templates;.wadl”), would cause “SecurityFilter” in OIM’s…