Security News > 2022 > November > Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)

Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)
2022-11-29 11:04

A pre-authentication RCE flaw in Oracle Access Manager that has been fixed in January 2022 is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities Catalog.

The vulnerability is in the OpenSSO Agent component of the Oracle Access Manager product, which is widely used by corporations for single sign-on as part of the Oracle Fusion Middleware suite.

It may allow an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager and use it to create users with any privileges or to execute arbitrary code on the victim's server, Jang explained earlier this year.

The vulnerability affected v11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0 of Oracle Access Manager and has been patched in those supported versions, but according to Jang, it also affects Oracle Weblogic Server 11g and OAM 11g, which stopped being supported on January 1, 2022, and therefore don't have a patch available for this RCE. Active exploitation.

Several proof-of-concept exploits for CVE-2021-35587 have been published on GitHub after Jang and Peterjson released part of theirs in March 2022, but according to CISA, successful exploitation attempts have now been detected.

The fact that this vulnerability has made it into the KEV catalog means that US Federal Civilian Executive Branch agencies are required to implement the patches by December 19, 2022, but CISA "Strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice."


News URL

https://www.helpnetsecurity.com/2022/11/29/cve-2021-35587-exploited/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-01-19 CVE-2021-35587 Unspecified vulnerability in Oracle Access Manager 11.1.2.3.0/12.2.1.3.0/12.2.1.4.0
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent).
network
low complexity
oracle
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Oracle 781 388 3148 2078 432 6046