CVE-2018-2587

Name of the Vulnerable Software and Affected Versions Oracle Access Manager versions 10.1.4.3.0, 11.1.2.3.0, 12.2.1.3.0

Description The issue is related to the Web Server Plugin component of Oracle Access Manager in Oracle Fusion Middleware, which can be exploited by an unauthenticated attacker with network access via HTTP. This allows the attacker to compromise Oracle Access Manager, resulting in unauthorized creation, deletion, or modification access to critical data or all accessible data, as well as unauthorized read access to a subset of accessible data. The vulnerability is difficult to exploit and is related to the lack of protection for service data.

Recommendations For version 10.1.4.3.0, update to a fixed version to resolve the issue. For version 11.1.2.3.0, update to a fixed version to resolve the issue. For version 12.2.1.3.0, update to a fixed version to resolve the issue. As a temporary workaround, consider restricting access to the Web Server Plugin component until a patch is available.