{"id":223,"date":"2018-05-03T14:03:56","date_gmt":"2018-05-03T14:03:56","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/28923\/Oracle-Access-Manager-Lets-Anyone-Access-Protected-Data.html"},"modified":"2018-05-03T14:03:56","modified_gmt":"2018-05-03T14:03:56","slug":"oracle-access-manager-lets-anyone-access-protected-data","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/","title":{"rendered":"Oracle Access Manager Lets Anyone Access Protected Data"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/zdnet4.cbsistatic.com\/hub\/i\/r\/2018\/05\/03\/6216af86-58b9-47e0-af5e-c5a8b6f84a55\/thumbnail\/770x578\/670e84a44686c67543154a048de72b76\/oracleistock-487330908.jpg\" class=\"ff-og-image-inserted\"\/><\/div>\n<p><em>Video: Oracle urges customers to install latest patch: It fixes 254 vulnerabilities.<\/em><\/p>\n<div class=\"relatedContent alignRight\">\n<h3 class=\"heading\"><span class=\"int\">More security news<\/span><\/h3>\n<\/div>\n<p>A bug that Oracle recently patched broke the main functionality of Oracle Access Manager (OAM), which should only give authorized users access to protected enterprise data.<\/p>\n<p>OAM provides an authentication function for web applications based on Oracle Fusion Middleware. It can be used to provide and block access to external mobile and cloud applications.<\/p>\n<p>However, researchers at Austrian security firm SEC-Consult <a href=\"https:\/\/www.sec-consult.com\/en\/blog\/2018\/05\/oracle-access-managers-identity-crisis\/#OAMBlogpost-Demo\" target=\"_blank\">found<\/a> a flaw in OAM&#8217;s cryptographic format that allowed them to create session tokens for any user, which the attacker could use to impersonate any legitimate user and access web apps that OAM should be protecting.<\/p>\n<p>As SEC-Consult explains, OAM-protected web servers feature an authentication component called an Oracle WebGate.<\/p>\n<p>When users attempt to access a protected resource from the web server, they&#8217;re bumped across to an OAM page to enter a username and password. If successful, they&#8217;re redirected back to the web application and can log in using an encrypted authentication token that&#8217;s stored in a browser cookie.<\/p>\n<p>However, a flaw in OAM&#8217;s custom cryptographic format allowed SEC-Consult researcher Wolfgang Ettlinger to use a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Padding_oracle_attack\" target=\"_blank\">padding oracle attack<\/a> to decrypt the authentication token.<\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_ZD_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\">\n<\/section>\n<p>&#8220;We found that a cryptographic format used by the OAM exhibits a serious flaw,&#8221; explained Ettlinger.<\/p>\n<p>&#8220;By exploiting this vulnerability, we were able to craft a session token. When a WebGate is presented with this token, it would accept it as a legitimate form of authentication and allow us to access protected resources.<\/p>\n<p>&#8220;What&#8217;s more, the session cookie crafting process lets us create a session cookie for an arbitrary username, thus allowing us to impersonate any user known to the OAM.&#8221;<\/p>\n<p>Oracle Fusion Middleware 11g and 12c were affected by the vulnerability in the OAM authentication engine, which is <a href=\"http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuapr2018-3678067.html\">tracked as CVE-2018-2879<\/a> and got a CVSS v3 score of 9.0 out of a possible 10 in Oracle&#8217;s April critical patch update.<\/p>\n<p>Ettlinger said there are two lessons to be drawn from the bug: &#8220;You do not roll your own crypto&#8221; and &#8220;You DO NOT roll your own crypto&#8221;.<\/p>\n<p>&#8220;Cryptography is very hard to get exactly right. Even when using standard implementations of algorithms, it is challenging to design a proper cryptographic format or protocol,&#8221; he wrote.<\/p>\n<p>&#8220;Quite often, seemingly secure implementations can exhibit serious vulnerabilities &#8212; and that goes way beyond the rather well-known padding oracle attack that was demonstrated here,&#8221; he wrote.&#8221;<\/p>\n<h3>Previous and related coverage<\/h3>\n<p><strong><a href=\"https:\/\/www.zdnet.com\/article\/oracle-critical-update-fixes-254-flaws-so-get-patching-now\/\">Oracle critical update fixes 254 flaws &#8212; so get patching now<\/a><\/strong><\/p>\n<p>Fixes for vulnerabilities spread across 20 products and a Solaris patch that addresses the Spectre processor flaw.<\/p>\n<p><strong><a href=\"https:\/\/www.zdnet.com\/article\/oracle-solaris-patch-theft-lands-it-support-ceo-in-jail-for-two-years\/\">Oracle Solaris patch theft lands IT-support CEO in jail for two years<\/a><\/strong><\/p>\n<p>Oracle is happy that Terix&#8217;s CEO is being jailed and fined $100,000.<\/p>\n<p><strong><a href=\"https:\/\/www.zdnet.com\/article\/meltdown-spectre-oracles-critical-patch-update-offers-fixes-against-cpu-attacks\/\">Meltdown-Spectre: Oracle&#8217;s critical patch update offers fixes against CPU attacks<\/a><\/strong><\/p>\n<p>The enterprise software giant is working on Spectre fixes for Solaris on Sparc V9.<\/p>\n<p><strong><a href=\"https:\/\/www.zdnet.com\/article\/oracle-pushes-second-emergency-patch-this-month-for-critical-server-vulnerability\/\">Oracle pushes emergency patch for critical Tuxedo server vulnerabilities<\/a><\/strong><\/p>\n<p>Two of the vulnerabilities have achieved a rating of 10 and 9.9 in severity.<\/p>\n<p>Read More <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/28923\/Oracle-Access-Manager-Lets-Anyone-Access-Protected-Data.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Read More HERE&#8230;<\/p>\n","protected":false},"author":1,"featured_media":224,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[133],"class_list":["post-223","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinedatabaseflaworacle"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Oracle Access Manager Lets Anyone Access Protected Data 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Oracle Access Manager Lets Anyone Access Protected Data 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-03T14:03:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/oracle-access-manager-lets-anyone-access-protected-data.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"578\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"thadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@thadmin\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"thadmin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/oracle-access-manager-lets-anyone-access-protected-data\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/oracle-access-manager-lets-anyone-access-protected-data\\\/\"},\"author\":{\"name\":\"thadmin\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/b07e00649871a6dd150cd57b33f7db66\"},\"headline\":\"Oracle Access Manager Lets Anyone Access Protected Data\",\"datePublished\":\"2018-05-03T14:03:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/oracle-access-manager-lets-anyone-access-protected-data\\\/\"},\"wordCount\":518,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/oracle-access-manager-lets-anyone-access-protected-data\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/oracle-access-manager-lets-anyone-access-protected-data.jpg\",\"keywords\":[\"headline,database,flaw,oracle\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/oracle-access-manager-lets-anyone-access-protected-data\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/oracle-access-manager-lets-anyone-access-protected-data\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/oracle-access-manager-lets-anyone-access-protected-data\\\/\",\"name\":\"Oracle Access Manager Lets Anyone Access Protected Data 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/oracle-access-manager-lets-anyone-access-protected-data\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/oracle-access-manager-lets-anyone-access-protected-data\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/oracle-access-manager-lets-anyone-access-protected-data.jpg\",\"datePublished\":\"2018-05-03T14:03:56+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/oracle-access-manager-lets-anyone-access-protected-data\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/oracle-access-manager-lets-anyone-access-protected-data\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/oracle-access-manager-lets-anyone-access-protected-data\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/oracle-access-manager-lets-anyone-access-protected-data.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/oracle-access-manager-lets-anyone-access-protected-data.jpg\",\"width\":770,\"height\":578},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/oracle-access-manager-lets-anyone-access-protected-data\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,database,flaw,oracle\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinedatabaseflaworacle\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Oracle Access Manager Lets Anyone Access Protected Data\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/b07e00649871a6dd150cd57b33f7db66\",\"name\":\"thadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/64b2823a5e0933c780cab004122ddae4375b28e7a87014931eaea97478ab540f?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/64b2823a5e0933c780cab004122ddae4375b28e7a87014931eaea97478ab540f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/64b2823a5e0933c780cab004122ddae4375b28e7a87014931eaea97478ab540f?s=96&d=mm&r=g\",\"caption\":\"thadmin\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/thadmin\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Oracle Access Manager Lets Anyone Access Protected Data 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/","og_locale":"en_US","og_type":"article","og_title":"Oracle Access Manager Lets Anyone Access Protected Data 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-05-03T14:03:56+00:00","og_image":[{"width":770,"height":578,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/oracle-access-manager-lets-anyone-access-protected-data.jpg","type":"image\/jpeg"}],"author":"thadmin","twitter_card":"summary_large_image","twitter_creator":"@thadmin","twitter_site":"@threatshub","twitter_misc":{"Written by":"thadmin","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/"},"author":{"name":"thadmin","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/b07e00649871a6dd150cd57b33f7db66"},"headline":"Oracle Access Manager Lets Anyone Access Protected Data","datePublished":"2018-05-03T14:03:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/"},"wordCount":518,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/oracle-access-manager-lets-anyone-access-protected-data.jpg","keywords":["headline,database,flaw,oracle"],"articleSection":["Packet Storm"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/","url":"https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/","name":"Oracle Access Manager Lets Anyone Access Protected Data 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/oracle-access-manager-lets-anyone-access-protected-data.jpg","datePublished":"2018-05-03T14:03:56+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/oracle-access-manager-lets-anyone-access-protected-data.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/oracle-access-manager-lets-anyone-access-protected-data.jpg","width":770,"height":578},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/oracle-access-manager-lets-anyone-access-protected-data\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,database,flaw,oracle","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinedatabaseflaworacle\/"},{"@type":"ListItem","position":3,"name":"Oracle Access Manager Lets Anyone Access Protected Data"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/b07e00649871a6dd150cd57b33f7db66","name":"thadmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/64b2823a5e0933c780cab004122ddae4375b28e7a87014931eaea97478ab540f?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/64b2823a5e0933c780cab004122ddae4375b28e7a87014931eaea97478ab540f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/64b2823a5e0933c780cab004122ddae4375b28e7a87014931eaea97478ab540f?s=96&d=mm&r=g","caption":"thadmin"},"sameAs":["https:\/\/x.com\/thadmin"]}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/223","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=223"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/223\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/224"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=223"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=223"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=223"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}