CVE-2021-35587

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:access_manager:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*

History

25 Sep 2024, 19:35

Type Values Removed Values Added
CWE CWE-306

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE NVD-CWE-noinfo NVD-CWE-Other

Information

Published : 2022-01-19 12:15

Updated : 2024-09-26 14:13


NVD link : CVE-2021-35587

Mitre link : CVE-2021-35587

CVE.ORG link : CVE-2021-35587


JSON object : View

Products Affected

oracle

  • access_manager
CWE
NVD-CWE-Other CWE-306

Missing Authentication for Critical Function