Oracle The perfect SSO account takeover with Oracle OAM (CVE-2018-2739) TL;DR This weakness allows us to bypass the URL filtering on the RH parameter which could be used to hijack the session of any user when following a particularly