My Oracle Support Banner

How To Mitigate SSL/TSL Weak Cipher Rivest Cipher 4 (RC4/ARC4/ARCFOUR) Vulnerability in Oracle Analytics Server (Doc ID 2946230.1)

Last updated on MAY 03, 2023

Applies to:

Oracle Analytics Server - Version 5.9.0 and later
Information in this document applies to any platform.


After SSL was configured and Internal SSL was enabled for Oracle Analytics Server (OAS), a security scan reported the below vulnerability where the mentioned port is for the Oracle BI Scheduler (OBISCH):

Vulnerability: Secure Sockets Layer/Transport Layer Security (SSL/TSL) use of Weak Cipher Rivest Cipher 4 (RC4/ARC4/ARCFOUR)
Associated CVEs: CVE-2013-2566, CVE-2015-2808
Associated assets:
OAS Node 1 port ####/tcp over SSL
OAS Node 2 port ####/tcp over SSL

How can this vulnerability be minimized / mitigated?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.