Piotr Domirski

**Name of the Vulnerable Software and Affected Versions** Oracle Access Manager versions 11.1.2.3.0 and 12.2.1.3.0 **Description** The issue is related to a resource release error in the Federation subcomponent of Oracle Access Manager, part of Oracle Fusion Middleware. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager, requiring human interaction from a person other than the attacker. Successful attacks can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Access Manager. **Recommendations** For version 11.1.2.3.0, update to a version that includes the fix for this issue. For version 12.2.1.3.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Federation subcomponent until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Hitachi Device Manager versions prior to 8.5.2-01 Hitachi Replication Manager versions prior to 8.5.2-00 **Description** A cross-site scripting issue allows authenticated remote users to execute arbitrary JavaScript code. **Recommendations** For Hitachi Device Manager versions prior to 8.5.2-01, update to version 8.5.2-01 or later. For Hitachi Replication Manager versions prior to 8.5.2-00, update to version 8.5.2-00 or later.