Lucene search
K

11 matches found

Nuclei
Nuclei
added 2 days ago285 views

Oracle Access Manager - Remote Code Execution

The Oracle Access Manager portion of Oracle Fusion Middleware component: OpenSSO Agent is vulnerable to remote code execution. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with...

9.8CVSS7.1AI score0.96284EPSS
Exploits5References5
Metasploit
Metasploit
added 2025/04/08 6:54 p.m.595 views

Oracle Access Manager unauthenticated Remote Code Execution

This module exploits an unauthenticated deserialization of untrusted data vulnerability in the OpenSSO Agent component of the Oracle Access Manager OAM product. The affected product versions are 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. Module Options msf use...

9.8CVSS8.1AI score0.96284EPSS
Exploits5
Packet Storm
Packet Storm
added 2025/04/08 12:0 a.m.695 views

📄 Oracle Access Manager Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated deserialization of untrusted data vulnerability in the OpenSSO Agent component of the Oracle Access Manager OAM product. The affected product versions are 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. This module requires Metasploit:...

9.8CVSS9.8AI score0.96284EPSS
Exploits15
The Hacker News
The Hacker News
added 2022/11/29 4:20 a.m.162 views

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities KEV Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 a...

9.8CVSS1AI score0.96284EPSS
Exploits6
Check Point Advisories
Check Point Advisories
added 2022/04/10 12:0 a.m.7 views

Oracle Access Manager Authentication Bypass (CVE-2021-35587)

An authentication bypass vulnerability exists in Oracle Access Manager. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...

7.5CVSS4.8AI score0.96284EPSS
Exploits5
GithubExploit
GithubExploit
added 2022/03/14 5:3 a.m.1648 views

Exploit for Missing Authentication for Critical Function in Oracle Access_Manager

It is an offensive tool for Oracle Access Manager. The tool expl...

9.8CVSS9.7AI score0.96284EPSS
Exploits5
GithubExploit
GithubExploit
added 2022/03/14 5:3 a.m.19 views

Exploit for Missing Authentication for Critical Function in Oracle Access_Manager

It is an offensive tool for Oracle Access Manager. The repositor...

9.8CVSS9.8AI score0.96284EPSS
Exploits5
Circl
Circl
added 2022/01/19 2:32 p.m.20 views

CVE-2021-35587

creationtimestamp| type| source ---|---|--- 2022-01-19 14:32:10+00:00| seen| https://t.me/cibsecurity/35815 2022-03-10 13:25:43+00:00| published-proof-of-concept| https://t.me/ptswarm/113 2022-03-14 11:00:19+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/5601 2022-03-15...

9.8CVSS6.9AI score0.96284EPSS
In wildExploits5References38
OSV
OSV
added 2022/01/19 12:15 p.m.3 views

CVE-2021-35587

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: OpenSSO Agent. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

9.8CVSS7AI score0.96284EPSS
Exploits5References2
NVD
NVD
added 2022/01/19 12:15 p.m.35 views

CVE-2021-35587

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: OpenSSO Agent. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

9.8CVSS0.96284EPSS
Exploits5References2
CVE
CVE
added 2022/01/19 11:21 a.m.827 views

CVE-2021-35587

CVE-2021-35587 affects Oracle Access Manager (OpenSSO Agent) in Oracle Fusion Middleware. Affected versions: 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0. The root cause is unauthenticated deserialization of untrusted data, enabling remote code execution and takeover of Oracle Access Manager. The connected...

9.8CVSS9.4AI score0.96284EPSS
In wildExploits5References2Affected Software1
Rows per page
Query Builder