Vulnerabilities Expose Oracle OAM 10g to Remote Session Hijacking
by Chris Brook, July 12, 2017, 8:18 am
Oracle’s next quarterly Critical Patch Update is slated for July 18, but two vulnerabilities in an older version of the company’s Oracle Access Manager (OAM) solution won’t be among the bugs patched.
Version 10g of the software, Oracle’s solution for web access management and user administration, suffers from two issues: an open redirect vulnerability and the transmission of cookie values in GET requests.