Oracle Access Manager Unauthenticated Attacker Vulnerability CVE-2021-35587

Mar 16, 2022 1 min read

CVE-2021-35587

Description

POC for CVE-2021-35587: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
create by antx at 2022-03-14.

Detail

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent).
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
Successful attacks of this vulnerability can result in takeover of Oracle Access Manager.

CVE Severity

attackComplexity: LOW
attackVector: NETWORK
availabilityImpact: HIGH
confidentialityImpact: HIGH
integrityImpact: HIGH
privilegesRequired: NONE
scope: UNCHANGED
userInteraction: NONE
version: 3.1
baseScore: 9.8
baseSeverity: CRITICAL

Affect

Access Manager
- 11.1.2.3.0
- 12.2.1.3.0
- 12.2.1.4.0

POC

Poc

Reference

Ref-Source
- Oracle Access Manager pre-authentication Remote Code Execution CVE-2020-35587
- Nuclei POC <CVE-2021-35587>
Ref-Risk
- NVD<CVE-2021-35587>
CVE
- CVE-2021-35587
- NVD<CVE-2021-35587>
Ref-Poc-Engine
- pocx

GitHub

John was the first writer to have joined pythonawesome.com. He has since then inculcated very effective writing and reviewing culture at pythonawesome which rivals have found impossible to imitate.