CVE-2021-35587

🗓️ 19 Jan 2022 11:21:42Reported by oracleType

cve🔗 web.nvd.nist.gov📰️ 17 Media mentions👁 804 Views🌐 WEB

Oracle Access Manager in Oracle Fusion Middleware OpenSSO Agent Vulnerabilit

Reporter	Title	Published	Views	Family All 30
GithubExploit	Exploit for Missing Authentication for Critical Function in Oracle Access_Manager	14 Mar 202205:03	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Oracle Access_Manager	14 Mar 202205:03	–	githubexploit
ATTACKERKB	CVE-2021-35587	19 Jan 202200:00	–	attackerkb
Circl	CVE-2021-35587	19 Jan 202214:32	–	circl
CISA KEV Catalog	Oracle Fusion Middleware Unspecified Vulnerability	28 Nov 202200:00	–	cisa_kev
CNNVD	Oracle Fusion Middleware 安全漏洞	18 Jan 202200:00	–	cnnvd
CNVD	Oracle Access Manager is vulnerable to input validation errors	21 Jan 202200:00	–	cnvd
Check Point Advisories	Oracle Access Manager Authentication Bypass (CVE-2021-35587)	10 Apr 202200:00	–	checkpoint_advisories
Cvelist	CVE-2021-35587	19 Jan 202211:21	–	cvelist
Metasploit	Oracle Access Manager unauthenticated Remote Code Execution	8 Apr 202518:54	–	metasploit

NVD

Vulners

Node

oracle access_managerMatch11.1.2.3.0

oracle access_managerMatch12.2.1.3.0

oracle access_managerMatch12.2.1.4.0

[
  {
    "product": "Access Manager",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "11.1.2.3.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.3.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.4.0"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/security-alerts/cpujan2022.html
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
authIdentifier	request body	server/opensso/sessionservice	Unauthenticated Java deserialization lead to RCE via OpenSSO sessionservice (CVE-2021-35587)	CWE-306
SessionID	request body	server/opensso/sessionservice	Unauthenticated Java deserialization lead to RCE via OpenSSO sessionservice (CVE-2021-35587)	CWE-306

27 Oct 2025 17:08Current

9.4High risk

Vulners AI Score9.4

CVSS 27.5

CVSS 3.19.8

EPSS0.94269

SSVC