Oracle Access Manager Data Manipulation Vulnerability
Release Date : 2013-01-16
Criticality level : Less critical
Impact: Manipulation of data
Where: From local network
Solution Status : Vendor Patch
Software: Oracle Access Manager 10.x
Oracle Access Manager 11.x
A vulnerability has been reported in Oracle Access Manager, which can be exploited by malicious people to manipulate certain data.
The vulnerability is caused due to an unspecified error in the OAM Webgate subcomponent and can be exploited to update, insert, or delete certain Oracle Access Manager accessible data via HTTP.
The vulnerability is reported in versions 10.1.4.3.0, 18.104.22.168.0, and 22.214.171.124.0.
Provided and/or discovered by:
It is currently unclear who reported the vulnerability as the Oracle Critical Patch Update for January 2013 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.