Version 10g of Oracle Access Manager suffers from vulnerabilities that could allow an attacker to hijack sessions.
Source: Threadpost