Oracle Access Manager Unauthenticated Attacker Vulnerability CVE-2021-35587

twilson-bf/CVE-2021-35587

 
 

CVE-2021-35587


Description

  • POC for CVE-2021-35587: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
  • Created by antx on 2022-03-14.

Detail

  • Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent).
  • Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
  • Successful attacks of this vulnerability can result in takeover of Oracle Access Manager.

CVE Severity

  • attackComplexity: LOW
  • attackVector: NETWORK
  • availabilityImpact: HIGH
  • confidentialityImpact: HIGH
  • integrityImpact: HIGH
  • privilegesRequired: NONE
  • scope: UNCHANGED
  • userInteraction: NONE
  • version: 3.1
  • baseScore: 9.8
  • baseSeverity: CRITICAL

Affected Versions

  • Access Manager
    • 11.1.2.3.0
    • 12.2.1.3.0
    • 12.2.1.4.0

POC


Reference

Languages

  • Python 100.0%