Oracle Access Manager Information Disclosure (October 2015 CPU)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has a Single Sign On (SSO) application installed that
is affected by an information disclosure vulnerability.

Description :

The version of Oracle Access Manager installed on the remote host is
affected by an information disclosure vulnerability due to an
unspecified flaw in the SSO Engine subcomponent. An unauthenticated,
remote attacker can exploit this to disclose sensitive information.

See also :

http://www.nessus.org/u?75a4a4fb

Solution :

Apply the appropriate patches according to the October 2015 Oracle
Critical Patch Update advisory.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 86478 ()

Bugtraq ID:

CVE ID: CVE-2015-4912

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now