May 29, 2023

The US CISA warned organizations that a critical Oracle Fusion Middleware vulnerability patched in early 2022 is being exploited in attacks.

The vulnerability tracked as CVE-2021-35587 impacts Oracle Access Manager, which provides the Oracle Fusion Middleware single sign-on solution.

The flaw impacts the OpenSSO Agent component, which can allow an unauthenticated attacker with network access via HTTP to take control of Oracle Access Manager. Oracle patched this vulnerability during January 2022.

Advertisements

The researchers detailed their findings in March and noted that the flaw was discovered during the analysis of what they called a ‘mega’ Fusion Middleware vulnerability that Oracle took six months to patch.

PoC exploits have also been available for several months, with that malicious actors attempted to exploit CVE-2021-35587. During September, the exploit started to pick up, and in the next two months, it gone peak.

CISA has added CVE-2021-35587 to its Known Exploited Vulnerabilities Catalog and instructed federal agencies to address it by December 19.

Tags:

Leave a Reply

You may have missed

CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
%d bloggers like this: