Skip to content
/ CVE-2021-35587 Public

Oracle Access Manager Unauthenticated Attacker Vulnerability CVE-2021-35587

License

MIT license
40 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ZZ-SOCMAP/CVE-2021-35587

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.gitignore
.gitignore
 
 
CVE-2021-35587.py
CVE-2021-35587.py
 
 
LICENSE
LICENSE
 
 
README.org
README.org
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

CVE-2021-35587

Description

  • POC for CVE-2021-35587: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
  • create by antx at 2022-03-14.

Detail

  • Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent).
  • Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
  • Successful attacks of this vulnerability can result in takeover of Oracle Access Manager.

CVE Severity

  • attackComplexity: LOW
  • attackVector: NETWORK
  • availabilityImpact: HIGH
  • confidentialityImpact: HIGH
  • integrityImpact: HIGH
  • privilegesRequired: NONE
  • scope: UNCHANGED
  • userInteraction: NONE
  • version: 3.1
  • baseScore: 9.8
  • baseSeverity: CRITICAL

Affect

  • Access Manager
    • 11.1.2.3.0
    • 12.2.1.3.0
    • 12.2.1.4.0

POC

Reference

About

Oracle Access Manager Unauthenticated Attacker Vulnerability CVE-2021-35587

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

40 stars

Watchers

1 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages