The Primary and Replicas are 'appliances' which means it is not supported to apply your own fixes to the underlying components of Suse Linux, Oracle Web Logic, postgres DB, etc...
As soon as Oracle announces their quarterly Critical Patch Update, CPU, RSA Engineering begins the process of incorporating those fixes into a patch or Service pack for AM, and if needed for the Web Tiers.
AM 8.4 Patch 14 and AM 8.5 patch1 include Oracle CPU from July 2020.
Oracle recently announced its quarterly October 2020 CPU, - Oracle Critical Patch Update Advisory - October 2020
then announced an additional hot fix on Nov. 1, 2020. - Oracle Security Alert - CVE-2020-14750
These Oracle updates/hot fixes will soon be included in RSA hot fixes for AM and Web Tier.
I can say right now there is an official Engineering Response/impact statement for; CVE-2020-14882 and CVE-2020-14883 from October CPU and CVE-2020-14750 from Nov. 1 Hot fix - They do not impact and cannot be exploited on either Authentication Manager or Web Tier. These are Web Logic Console vulnerabilities. AM and Web Tier do not deploy the Web Logic Console, nor will the Web Logic Console ports respond to any exploits against the console port.
If you have specific questions about specific CVEs in your scan, I would probably open a support case to discuss privately as opposed to posting them here on RSA Link.
Any other specific vulnerabilities or CVEs from the Oracle October 2020 CPU will be addressed in an RSA Hot fix. This RSA hot fix will also include the fixes for CVE-2020-14882 and CVE-2020-14883, and CVE-2020-14750 even though they cannot be exploited.
Response: Ther flaw exists but cannot be exploited
