Threat Watch

CISA Adds Oracle Access Manager Exploit to Known Exploited Vulnerabilities Catalog

On Monday the United States Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2021-35587, a critical-severity flaw in Oracle Fusion Middleware, to their Known Exploited Vulnerabilities catalog. The vulnerability affects Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0, and CISA reports evidence of active exploitation. This CVE was first published in January 2022, and was addressed that month via a critical patch.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

A proof-of-concept (PoC) has existed as early as March 2022, so companies running vulnerable versions of OAM should patch as soon as their patch management program allows. Additionally, since the exploit has existed for so long, it is reasonable to assume active exploitation has been taking place since then, and all vulnerable OAM systems should be treated as such.

https://thehackernews.com/2022/11/cisa-warns-of-actively-exploited.html

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support