December 11, 2023

The US CISA warned organizations that a critical Oracle Fusion Middleware vulnerability patched in early 2022 is being exploited in attacks.

The vulnerability tracked as CVE-2021-35587 impacts Oracle Access Manager, which provides the Oracle Fusion Middleware single sign-on solution.

The flaw impacts the OpenSSO Agent component, which can allow an unauthenticated attacker with network access via HTTP to take control of Oracle Access Manager. Oracle patched this vulnerability during January 2022.

Advertisements

The researchers detailed their findings in March and noted that the flaw was discovered during the analysis of what they called a ‘mega’ Fusion Middleware vulnerability that Oracle took six months to patch.

PoC exploits have also been available for several months, with that malicious actors attempted to exploit CVE-2021-35587. During September, the exploit started to pick up, and in the next two months, it gone peak.

CISA has added CVE-2021-35587 to its Known Exploited Vulnerabilities Catalog and instructed federal agencies to address it by December 19.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

TheCyberThrone Security Week In Review – December 2nd & 10th, 2023

December 10, 2023

5Ghoul Vulnerabilities affects 5G devices

December 10, 2023

Microsoft EDGE Browser Critical Sandbox Escape Vulnerability – CVE-2023-35618

December 9, 2023

WordPress POP CMS Vulnerability

December 9, 2023

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2
%d