CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

2022-11-29 04:20

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0.

Successful exploitation of the remote command execution bug could enable an unauthenticated attacker with network access to completely compromise and take over Access Manager instances.

"It may give the attacker access to OAM server, to create any user with any privileges, or just get code execution in the victim's server," Vietnamese security researcher Nguyen Jang, who reported the bug alongside peterjson, noted earlier this March.

The issue was addressed by Oracle as part of its Critical Patch Update in January 2022.

Also added by CISA to the KEV catalog is the recently patched heap buffer overflow flaw in the Google Chrome web browser that the internet giant acknowledged as having been abused in the wild.

News URL

http://thehackernews.com/2022/11/cisa-warns-of-actively-exploited.html

#cisa #critical #middleware #oracle #vulnerability #CVE-2021-35587

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-19	CVE-2021-35587	Unspecified vulnerability in Oracle Access Manager 11.1.2.3.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). network low complexity oracle critical	9.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Oracle		966	1139	6144	1112	739	9134

News URL

Related news

Related Vulnerability

Related vendor