Oracle Access Manager (OAM) Security Scan Reports An Unspecified Vulnerability (Doc ID 2921793.1)

Last updated on JANUARY 17, 2023

Applies to:

Oracle Access Manager - Version 12.2.1.4.0 and later
Information in this document applies to any platform.

Goal

Security scan reports the below vulnerability against the 12c Oracle Access Manager (OAM) deployment:

The remote host is affected by an unspecified vulnerability that allows authenticated attackers to affect confidentiality.
The remote Oracle Access Manager install has one more more domains that need configuration changes to protect against
an unspecified vulnerability affecting confidentiality.

Affected configuration files : oam-config.xml

This is addressed is the April 2014 CPU for OAM.

Background

I. Searching on "April 2014 CPU" lead to ...

Security Alerts, Oracle Critical Patch Update Advisory - April 2014
Patch Set Update and Critical Patch Update April 2014 Availability Document (Doc ID 1618213.1)

II. From this note ...

Affected Products and Versions - Oracle Access Manager, versions 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, 11.1.2.2.0
It references Note 1643382.1, which is not accessible (why?!)

III. Summary

Based on the above, how should the reported vulnerability in the oam-config.xml be addressed?

Solution

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Goal

Background

Solution

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Oracle Access Manager (OAM) Security Scan Reports An Unspecified Vulnerability (Doc ID 2921793.1)

Applies to:

Goal

Background

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!