TROYANOSYVIRUS
Volver a CVEs

CVE-2021-35587

CRITICALCISA KEV
9.8

Descripcion

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Detalles CVE

Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado1/19/2022
Ultima modificacion10/27/2025
Fuentekev
Avistamientos honeypot0

CISA KEV

VendedorOracle
ProductoFusion Middleware
Nombre vulnerabilidadOracle Fusion Middleware Unspecified Vulnerability
Fecha inclusion KEV2022-11-28
Fecha limite remediacion2022-12-19
Uso en ransomwareUnknown

Productos afectados

oracle:access_manager

Debilidades (CWE)

CWE-306

Referencias

https://www.oracle.com/security-alerts/cpujan2022.html(secalert_us@oracle.com)
https://www.oracle.com/security-alerts/cpujan2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-35587(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.