Oracle Access Manager Data Manipulation Vulnerability

by Carol~ Moderator - 1/16/13 12:39 PM

In Reply to: VULNERABILITIES / FIXES - January 16, 2013 by Carol~ Moderator

Release Date: 2013-01-16

Criticality level: Less critical
Impact: Manipulation of data
Where: From local network
Solution Status: Vendor Patch

Software: Oracle Access Manager 10.x
Oracle Access Manager 11.x

Description:
A vulnerability has been reported in Oracle Access Manager, which can be exploited by malicious people to manipulate certain data.

The vulnerability is caused by an unspecified error in the OAM Webgate subcomponent and can be exploited to update, insert, or delete certain Oracle Access Manager accessible data via HTTP.

The vulnerability is reported in versions 10.1.4.3.0, 11.1.1.5.0, and 11.1.2.0.0.

Solution:
Apply updates.

Provided and/or discovered by:
It is currently unclear who reported the vulnerability as the Oracle Critical Patch Update for January 2013 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.

Original Advisory:
Oracle:
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html#AppendixFMW

http://secunia.com/advisories/51878/