
Lalit Naphade

#49852 of 53,632
4.9 Total CVSS
Vulnerabilities · 1
PT-2020-2386
4.9
2020-04-15
Oracle · Oracle Access Manager · CVE-2020-2740
**Name of the Vulnerable Software and Affected Versions**

Oracle Access Manager versions 11.1.2.3.0 and 12.2.1.3.0

**Description**

The issue is related to the Authentication Engine component of Oracle Access Manager in Oracle Fusion Middleware, which lacks protection of internal data. This allows a low-privileged attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some of Oracle Access Manager's accessible data, as well as unauthorized read access to a subset of Oracle Access Manager's accessible data.

**Recommendations**

For version 11.1.2.3.0, update to a version that includes the fix for this issue. For version 12.2.1.3.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Authentication Engine component until a patch is available.