11 matches found
Oracle Access Manager - Remote Code Execution
The Oracle Access Manager portion of Oracle Fusion Middleware component: OpenSSO Agent is vulnerable to remote code execution. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with...
Oracle Access Manager unauthenticated Remote Code Execution
This module exploits an unauthenticated deserialization of untrusted data vulnerability in the OpenSSO Agent component of the Oracle Access Manager OAM product. The affected product versions are 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. Module Options msf use...
📄 Oracle Access Manager Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated deserialization of untrusted data vulnerability in the OpenSSO Agent component of the Oracle Access Manager OAM product. The affected product versions are 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. This module requires Metasploit:...
CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities KEV Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 a...
Oracle Access Manager Authentication Bypass (CVE-2021-35587)
An authentication bypass vulnerability exists in Oracle Access Manager. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Exploit for Missing Authentication for Critical Function in Oracle Access_Manager
It is an offensive tool for Oracle Access Manager. The tool expl...
Exploit for Missing Authentication for Critical Function in Oracle Access_Manager
It is an offensive tool for Oracle Access Manager. The repositor...
CVE-2021-35587
creationtimestamp| type| source ---|---|--- 2022-01-19 14:32:10+00:00| seen| https://t.me/cibsecurity/35815 2022-03-10 13:25:43+00:00| published-proof-of-concept| https://t.me/ptswarm/113 2022-03-14 11:00:19+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/5601 2022-03-15...
CVE-2021-35587
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: OpenSSO Agent. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...
CVE-2021-35587
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: OpenSSO Agent. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...
CVE-2021-35587
CVE-2021-35587 affects Oracle Access Manager (OpenSSO Agent) in Oracle Fusion Middleware. Affected versions: 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0. The root cause is unauthenticated deserialization of untrusted data, enabling remote code execution and takeover of Oracle Access Manager. The connected...