SecurID^® Discussions

TJMcCann · ‎2020-03-09

Hello,

Has CVE-2020-2551 been addressed in Authentication Manager 8.4 P10? P09 shows that it is running WebLogic 12.2.1.3.0 which is vulnerable.

thanks

vr/ TJ

JayGuillette · ‎2020-03-09

CVE-2020-2551 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

Response: The flaw exists but cannot be exploited. The RSA Authentication Manager does not use this feature (IIOP).

View solution in original post

JayGuillette · ‎2020-03-09

CVE-2020-2551 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

Response: The flaw exists but cannot be exploited. The RSA Authentication Manager does not use this feature (IIOP).

TJMcCann · ‎2020-03-10

Thank you Jay. Does the same apply to the Web Tier?

MohamedSaber · ‎2020-03-11

Terrence McCann‌
Yes that also applies to Web Tier as well.

SecurID® Discussions

Authentication Manager 8.4 P10 - CVE-2020-2551

RSA Authentication Manager

SecurID^® Discussions