Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
History

Wed, 25 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-306
Metrics kev

{'dateAdded': '2022-11-28'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2022-01-19T11:21:42

Updated: 2024-09-25T19:03:17.662Z

Reserved: 2021-06-28T00:00:00

Link: CVE-2021-35587

cve-icon Vulnrichment

Updated: 2024-08-04T00:40:47.369Z

cve-icon NVD

Status : Modified

Published: 2022-01-19T12:15:09.727

Modified: 2024-11-21T06:12:35.493

Link: CVE-2021-35587

cve-icon Redhat

No data.