Oracle Enterprise Manager Agent: Patch Mapping Improvements
Summary
Improvements have been made to how Nessus plugins determine the active version of Oracle Enterprise Manager Agent.
How Patch Mapping Works for Oracle Enterprise Manager Agent Scans
Prior to these improvements, the Enterprise Manager Agent version was determined by mapping installed patch IDs to a version number based on a lookup/mapping table that we maintain and ship to scanners as part of the feed.
Installed patches for most Oracle products, including Enterprise Manager Cloud Control and Agent, are enumerated in one of two possible ways:
- Linux Local Detections: oracle_enum_products_nix.bin (plugin ID 71642, requires SSH credentials)
- Windows Local Detections: oracle_enum_products_win.nbin (plugin ID 71643, requires SMB credentials)
Both of the above plugins store patch information in the “scratchpad” (a temporary SQLite database) for later reference.
Plugin ID 86575 (oracle_enterprise_manager_agent_installed.nbin) reports only the base version (e.g. 13.5.0.0.0). The full version (patch level) is determined, processed for the relevant vulnerabilities and reported in the individual vulnerability plugins (e.g. plugin ID 192753), again by referencing a Tenable-managed mapping table.
Problem
This process alone is sometimes problematic, as Oracle releases their patches in stages or sometimes outside of the regular CPU cadence. Because our mapping table is manually maintained, some patches are not mapped in time for vulnerability plugin releases, which is a semi-automated process. We have had several instances where our mapping table was not updated in a timely manner, either because Oracle released a new patch ID in an out-of-band cycle or because they released a patch ID that we do not have visibility on. If our scan fails to identify a patch ID that exists in our mapping table, only the base version is reported (e.g. 13.5.0.0.0), possibly resulting in false positive findings.
Improvements
We have identified additional methods of determining the version number, including the patch level, without depending solely on the mapping tables. Plugin ID 86575 will now first attempt to use the new method of determining the version directly and will fall back to the findings of the mapping table if needed. The existing mapping tables are still checked, and a version comparison is performed to determine the highest patch level present.
For Enterprise Manager Agent, vulnerability plugins such as 192753 will no longer need to determine the installed version (patch level) themselves, as this will now be done by the underlying detection plugin, 86575. This plugin will now also report all of the installed patches for the ORACLE_HOME in which the detected Enterprise Manager Agent product resides.
Expected Impact
Improved accuracy in version detections for Oracle Enterprise Manager, resulting in fewer false positives in downstream vulnerability detection plugins.
Impacted Plugins
- 86575 - oracle_enterprise_manager_agent_installed.nbin
- All Oracle Enterprise Manager Agent local vulnerability check plugins (e.g. 192753)
Targeted Release Date
- Wednesday, July 2, 2025
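
The resolution order described under Improvements, as an added Python sketch that is not Tenable plugin code: the highest of the directly detected version, the mapped versions and the base version wins. The patch IDs, the patch-level version strings, `PATCH_MAP` and all function names are constructed for illustration; only the base version 13.5.0.0.0 comes from the text above.

```python
# Added illustration; not Tenable plugin code. Patch IDs and patch-level
# versions below are constructed sample values.

BASE_VERSION = "13.5.0.0.0"

# Constructed stand-in for the manually maintained patch-ID -> version table.
PATCH_MAP = {
    "90000001": "13.5.0.18.0",
    "90000002": "13.5.0.19.0",
}


def parse(version):
    """Turn a dotted version string into a tuple of ints for comparison."""
    return tuple(int(part) for part in version.split("."))


def mapped_versions(installed_patches, patch_map):
    """Versions for the installed patch IDs that the table knows about."""
    return [patch_map[p] for p in installed_patches if p in patch_map]


def resolve_version(base, installed_patches, patch_map, direct=None):
    """Return the highest patch level supported by the evidence.

    direct is the version read straight from the install (None if that
    method found nothing). The mapping table is still consulted and the
    highest candidate wins, with the base version as the floor.
    """
    candidates = [base] + mapped_versions(installed_patches, patch_map)
    if direct:
        candidates.append(direct)
    return max(candidates, key=parse)


def is_flagged(detected, fixed):
    """A version-based vulnerability check fires when detected < fixed."""
    return parse(detected) < parse(fixed)


# Host carries a patch ID the table has not caught up with (constructed).
installed = ["90000001", "90000099"]
FIXED = "13.5.0.20.0"  # constructed fixed-in version

old = resolve_version(BASE_VERSION, installed, PATCH_MAP)
new = resolve_version(BASE_VERSION, installed, PATCH_MAP, direct="13.5.0.20.0")
print(old, is_flagged(old, FIXED))  # mapping table only: still flagged
print(new, is_flagged(new, FIXED))  # direct detection: not flagged
```

Versions are compared as integer tuples, not strings, so that a constructed level such as 13.5.0.9.0 sorts below 13.5.0.18.0.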