Exploit for #VU11932 Security restrictions bypass in Oracle Access Manager

Exploit for #VU11932 Security restrictions bypass in Oracle Access Manager

Published: 2020-03-18 | Updated: 2020-03-18

Vulnerability identifier: #VU11932

Vulnerability risk: High

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-2879

CWE-ID: CWE-264

Exploitation vector: Network

Exploits in database: 2

March 18, 2020
- oracle-oam-authentication-bypas-exploit (Exploit for Oracle Access Manager padding oracle vulnerability (CVE-2018-2879)) [Github]
- Oracle-OAM-Padding-Oracle-CVE-2018-2879-Exploit () [Github]

Impact: Code execution

Vulnerable software:
Oracle Access Manager
Server applications / Directory software, identity management

Vendor: Oracle