TJMcCann
Occasional Contributor

Authentication Manager 8.4 P10 - CVE-2020-2551


Hello,

Has CVE-2020-2551 been addressed in Authentication Manager 8.4 P10? P09 shows that it is running WebLogic 12.2.1.3.0, which is vulnerable.

Thanks

vr/ TJ


Accepted Solutions
JayGuillette
Apprised Contributor

CVE-2020-2551 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

Response: The flaw exists but cannot be exploited. The RSA Authentication Manager does not use this feature (IIOP).


TJMcCann
Occasional Contributor

Thank you, Jay. Does the same apply to the Web Tier?


Terrence McCann
Yes, that also applies to Web Tier as well.