This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

How to display Web Logic version information in RSA Authentication Manager ver. 8.x

Article Number

000039353

Applies To

RSA Product Set: RSA SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.X
 

Issue

Vulnerability Findings indicate an Oracle Critical Patch Update, CPU is lacking or not found

QID 87421, Oracle WebLogic Server Multiple Vulnerabilities (CPUJUL2020)
QID 87416, Oracle WebLogic Server Multiple Vulnerabilities (CPUAPR2020)
QID 87411, Oracle WebLogic Server Multiple Vulnerabilities (CPUJAN2020)
QID 87396, Oracle WebLogic Server Multiple Vulnerabilities (CPUOCT2019)
QID 87392, Oracle WebLogic Server Multiple Vulnerabilities (CPUJUL2019)
QID 87385, Oracle WebLogic Server Multiple Vulnerabilities (CPUAPR2019)
QID 87375, Oracle WebLogic Server Multiple Vulnerabilities (CPUJAN2019)

Authentication Manager implements Oracle Web Logic in both the AM Servers and Web Tiers, and therefore specific patch updates include later CPUs, as documented in patch readme files and update release notes, as well as in DSA announcements on RSA Link.

But often the documentation is not clear as to which Oracle Web Logic is included, e.g.
Version 8.4 Patch 12 Defects Fixed lists "AM-37489. Updated the version of Oracle WebLogic used by the RSA Authentication Manager"
Version 8.4 Patch 13 Defects Fixed lists "AM-36747. Updated Authentication Manager WebLogic components to prevent potential security vulnerabilities." 

Sometimes a Post on RSA link will address this issue, but that means another post for every Scan finding every quarter.
 

Task

  1. SSH into Linux (or gain console access on Windows Web Tier).
  2. Run the Oracle Web Logic opatch utility to see detailed information on the version of Web Logic as well as specific bug fixes from specific CPU patches.
AM Linux location is /opt/rsa/am/appserver/wls/OPatch/
Web Tier Linus location is /opt/RSASecurity/RSAAuthenticationManagerWebtier/appserver/wls/OPatch/

Resolution

  1. SSH into AM or Web Tier, Change directories in Linux the default locations
                 cd /opt/rsa/am/appserver/wls/OPatch/  for AM
                 cd /opt/RSASecurity/RSAAuthenticationManagerWebtier/appserver/wls/OPatch/ for Linux Web Tier

    The Web Tier is a default location, yours could be different if not installed in Default location of /opt/RSASecurity/RSAAuthenticationManagerWebtier/ - the Windows Web Tier default location is C:\RSASecurity\RSAAuthenticationManagerWebtier.  
     
  2. rsaadmin@am83p:/opt/rsa/am/appserver/wls/OPatch> ./opatch lspatches
    Patch description:  "WLS PATCH SET UPDATE 12.2.1.3.0(ID:200227.1409)"
    Patch description:  "One-off"
         This shows specific patch and build information on an AM 8.4 P13 Server. 

    example on older Web tier
    /opt/RSASecurity/RSAAuthenticationManagerWebtier/appserver/wls/OPatch
    ./opatch lspatches
    Patch description:  "WLS PATCH SET UPDATE 12.1.3.0.180116"
     
Sometimes you need to verify patches or bug fixes, use ./opatch lsinventory. 

If you need to display which Web Logic Protocols are utilized in the AM deployment of Web Logic, you can use java to display this information.

On AM 8.x server
/opt/rsa/am/appserver/jdk/bin/java -cp /opt/rsa/am/appserver/wls/wlserver/server/lib/weblogic.jar weblogic.version -verbose

The output includes one-off patches on top of the CPU and Protocols

OPatch Patches:
30965714;23416257;Wed Jun 17 16:27:59 EDT 2020;WLS PATCH SET UPDATE 12.2.1.3.0(ID:200227.1409)
26355633;21447583;Thu Apr 16 00:13:45 EDT 2020;One-off
26287183;21447582;Thu Apr 16 00:13:28 EDT 2020;One-off
26261906;21344506;Thu Apr 16 00:13:01 EDT 2020;One-off
26051289;21455037;Thu Apr 16 00:12:52 EDT 2020;One-off

SERVICE NAME                    VERSION INFORMATION
============                    ===================
Web Services Execution Engine   1.0
Managed Beans Container         1.0
Post Admin Singleton Services   1.0
Pre Admin Singleton Services S  1.0
Singleton Services Batch Manag  1.0
Kernel                          Commonj WorkManager v1.1
CorbaService                    CORBA 2.3, IIOP 1.2, RMI-IIOP SFV2, OTS 1.2, CSIv2 Level 0 + Stateful
TimerService                    Commonj TimerManager v1.1
JDBCService                     JSR-221, JDBC 4.0
Enterpise Java Beans Container  EJB 3.2
CustomResourceServerService     1.0.0.0
Transaction Service             JTA 1.1
Transaction Stop Service        JTA 1.1
Servlet Container               Servlet 3.1, JSP 2.3
XMLService                      XML 1.1

On Web Tier 
[webtier@am83wt OPatch]$ /opt/RSASecurity/RSAAuthenticationManagerWebtier/appserver/jdk/bin/java -cp /opt/RSASecurity/RSAAuthenticationManagerWebtier/appserver/wls/wlserver/server/lib/weblogic.jar weblogic.version -verbose

WebLogic Server 12.1.3.0.0  Wed May 21 18:53:34 PDT 2014 1604337  ImplVersion: 12.1.3.0.0
Oracle WebLogic Server Module Dependencies 12.1 Tue Mar 11 15:35:15 MDT 2014  ImplVersion: 12.1.3.0
Oracle Universal Connection Pool ImplVersion: 12.1.0.2.0
Oracle Security Developer Tools Security Engine ImplVersion: 3.1.0
Oracle Security Developer Tools Crypto ImplVersion: 3.1.0
WebLogic EclipseLink Integration 3.1 Mon Sep 9 22:09:00 UTC 2013  ImplVersion: 3.1.0.0
WebLogic Diagnostics Instrumentor Config Tool 3.1 Tue Feb 18 11:58:08 MST 2014  ImplVersion: 3.1.0.0
WebLogic Datasource 2.3 Binding Bundle ImplVersion: 2.3.0.0
WebLogic Beangen 3.0 Binding Bundle ImplVersion: 3.0.0.0
WebLogic Management Core Interfaces 4.1 Binding Bundle ImplVersion: 4.1.0.0
WebLogic Application Descriptors 3.0 Binding Bundle ImplVersion: 3.0.0.0
WebLogic Descriptors for J2EE 3.0 Binding Bundle ImplVersion: 3.0.0.0
WebLogic Specific Descriptors 4.0 Binding Bundle ImplVersion: 4.0.0.0
WebLogic Coherence Descriptor 4.0 Binding Bundle ImplVersion: 4.0.0.0
WebLogic Coherence App Descriptor 1.1 Binding Bundle ImplVersion: 1.1.0.0
WebLogic Application Descriptors 3.0 Sun Jul 21 11:38:30 EDT 2013  ImplVersion: 3.0.0.0
WebLogic Descriptors for J2EE 3.0 Mon Feb 17 12:42:55 MST 2014  ImplVersion: 3.0.0.0
WebLogic Specific Descriptors 4.0 Thu Mar 6 19:54:02 MST 2014  ImplVersion: 4.0.0.0
WebLogic Descriptor Client Capable 2.2 Tue Feb 18 11:58:08 MST 2014  ImplVersion: 2.2.0.0
WebLogic Coherence Descriptor 4.0 Wed Dec 11 08:53:45 MST 2013  ImplVersion: 4.0.0.0
WebLogic Coherence App Descriptor 1.1 Mon Sep 9 22:09:00 UTC 2013  ImplVersion: 1.1.0.0
WebLogic JSF Feature Module 12.1 Sun Jul 21 12:12:42 EDT 2013  ImplVersion: 12.1.3.0
WebLogic i18n Runtime Support Client Capable 3.0 Tue Feb 18 11:58:08 MST 2014  ImplVersion: 3.0.0.0
WebLogic i18n Build Support Client Capable 4.0 Tue Feb 18 11:58:08 MST 2014  ImplVersion: 4.0.0.0
WebLogic I18N tools Client Capable 3.1 Tue Feb 18 11:58:08 MST 2014  ImplVersion: 3.1.0.0
Oracle Cooperative Memory Management Lower Tier Client Capable 1.0 Thu Mar 6 13:41:35 MST 2014  ImplVersion: 1.0.0.0
WebLogic Jersey Common Integration 1.2 Fri Aug 23 02:53:55 UTC 2013  ImplVersion: 1.2
WebLogic Jersey Client Integration 3.0 Tue Feb 18 08:20:38 MST 2014  ImplVersion: 1.0
WebLogic Jersey Server Integration 3.0 Fri Feb 21 10:55:11 UTC 2014  ImplVersion: 1.0
Oracle Config Wizard Launch Manifest Jar 8.1 Tue Jan 28 05:51:13 PST 2014 ImplVersion: 12.1.3.0
Oracle Help Share ImplVersion: JDEVADF_12.1.3.0.0_GENERIC_140521.1008.S
Oracle Help for Java ImplVersion: JDEVADF_12.1.3.0.0_GENERIC_140521.1008.S
WebLogic Config Wizard Schema 8.1 Thu May 29 17:04:45 PDT 2014 ImplVersion: 12.1.3.0
WebLogic CIE Config API 1.0 Wed Aug 28 11:19:53 PDT 2013 ImplVersion: 1.0.0.0
WebLogic Config Wizard 8.1 Thu May 29 17:04:49 PDT 2014 ImplVersion: 8.1.0.0
WebLogic java compiler utils package Client Capable 2.2 Fri Dec 27 02:56:57 UTC 2013  ImplVersion: 2.2.0.0
WebLogic WebApp Container Public API Client Capable 4.0 Wed Mar 26 21:48:07 MDT 2014  ImplVersion: 4.0.0.0

SERVICE NAME                    VERSION INFORMATION
============                    ===================
Kernel                          Commonj WorkManager v1.1
TimerService                    Commonj TimerManager v1.1
CorbaService                    CORBA 2.3, IIOP 1.2, RMI-IIOP SFV2, OTS 1.2, CSIv2 Level 0 + Stateful
XMLService                      XML 1.1
Transaction Service             JTA 1.1
JDBCService                     JSR-221, JDBC 4.0
CustomResourceServerService     1.0.0.0
Servlet Container               Servlet 3.0, JSP 2.2
Pre Admin Singleton Services S  1.0
Singleton Services Batch Manag  1.0
Post Admin Singleton Services   1.0

[webtier@am83wt OPatch]$
 

Notes

Oracle WebLogic Critical Patch Update, CPU
Oracle WebLogic Server 12.2.1.3.0 
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2021-04-24 04:24 AM
Updated by:
Administrator Administrator

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.