Fusion Middleware Vulnerability - 20221129002

Overview

There is a vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0.

What is the vulnerability?

This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager.

CVE-2021-35587 - Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to take over the Access Manager product.

What is vulnerable?

Supported versions that are affected are:

  • 11.1.2.3.0
  • 12.2.1.3.0
  • 12.2.1.4.0

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

  • Apply updates per vendor instructions to address the vulnerability

Reference

  • Oracle Critical Patch Update Advisory - January 2022