Oracle Enterprise Manager Cloud Control: Patch Mapping Improvements
Summary
Improvements have been made to how Nessus plugins determine the active version of Oracle Enterprise Manager Cloud Control.
How Patch Mapping Works for Oracle Enterprise Manager Cloud Control Scans
Prior to these improvements, the Enterprise Manager Cloud Control version was determined by mapping installed patch IDs to a version number based on a lookup/mapping table that we maintain and ship to scanners as part of the feed. The process is as follows:
Installed patches for most Oracle products, including Enterprise Manager Cloud Control, are enumerated in one of two possible ways:
- Linux Local Detections: oracle_enum_products_nix.nbin (plugin ID 71642, requires SSH credentials)
- Windows Local Detections: oracle_enum_products_win.nbin (plugin ID 71643, requires SMB credentials)
Both of the above plugins store patch information in the “scratchpad” (a temporary SQLite database) for later reference.
Plugin ID 80965 (oracle_enterprise_manager_installed.nbin) collects this information and then reports the respective installs and their determined versions (patch levels) by comparing the detected installed patches to the Tenable-managed patch mapping table.
Problem
This process alone is sometimes problematic, because Oracle releases its patches in stages or sometimes outside the regular CPU cadence. Because our mapping table is maintained manually, some patches are not mapped in time for vulnerability plugin releases, which is a semi-automated process. We have had several instances where our mapping table was not updated in a timely manner, either because Oracle released a new patch ID in an out-of-band cycle or because it released a patch ID that we do not have visibility into. If our scan fails to identify a patch ID that exists in our mapping table, only the base version is reported (e.g., 12.2.1.4.0), possibly resulting in false positive findings.
Improvements
We have identified additional methods of determining the version number, including the patch level, without depending solely on the mapping tables. Plugin ID 80965 will now first attempt to use the new method of determining the version directly and will fall back to the findings of the mapping table if needed. The existing mapping tables are still checked, and a version comparison is performed to determine the highest patch level present.
For Enterprise Manager Cloud Control, plugin ID 80965 will now also report all of the installed patches for the ORACLE_HOME in which the detected Enterprise Manager product resides.
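The false positive described under Problem and the resolution order described under Improvements can be reproduced with a small model. This is an added example, not Tenable's plugin code: the function names, the patch IDs, the patch-level versions and the way the direct version is obtained are all assumptions made for illustration.

```python
# Added illustration, not Tenable's plugin code.
# All patch IDs and patch-level versions below are constructed sample values.
BASE_VERSION = "12.2.1.4.0"            # base version example used on this page
PATCH_MAP = {                          # hypothetical patch ID -> version table
    "90000001": "12.2.1.4.1",
    "90000002": "12.2.1.4.2",
}

def version_key(version):
    """Dotted version -> comparable tuple; trailing zeros ignored (1.0 == 1)."""
    parts = [int(p) for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def version_from_mapping(installed, patch_map=PATCH_MAP, base=BASE_VERSION):
    """Highest version among mapped installed patches, else the base version."""
    mapped = [patch_map[p] for p in installed if p in patch_map]
    return max(mapped + [base], key=version_key)

def resolve_version(installed, direct=None, patch_map=PATCH_MAP, base=BASE_VERSION):
    """Prefer a directly read version; keep the mapping result as fallback,
    and report whichever of the two is the higher patch level."""
    mapped = version_from_mapping(installed, patch_map, base)
    if direct is None:
        return mapped
    return max(direct, mapped, key=version_key)

def is_flagged(detected, fixed):
    """Downstream vulnerability check: flag installs below the fixed version."""
    return version_key(detected) < version_key(fixed)

if __name__ == "__main__":
    installed = ["90000003"]           # out-of-band patch missing from PATCH_MAP
    fixed = "12.2.1.4.3"               # constructed fixed version of a check
    old = version_from_mapping(installed)
    new = resolve_version(installed, direct="12.2.1.4.3")
    print("mapping only:", old, "flagged =", is_flagged(old, fixed))
    print("direct + mapping:", new, "flagged =", is_flagged(new, fixed))
```

With only the mapping table, the unmapped patch leaves the install at the base version and the downstream check fires; with a directly determined version available, the higher patch level is reported and the check stays quiet.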
Expected Impact
Improved accuracy in version detections for Oracle Enterprise Manager Cloud Control, resulting in fewer false positives in downstream vulnerability detection plugins.
Impacted Plugins
- 80965 - oracle_enterprise_manager_installed.nbin
- Potentially any Oracle Enterprise Manager Cloud Control vulnerability check plugins (e.g., 209256)
Targeted Release Date
- Monday, June 30, 2025