CVE-2021-35587 Oracle Access Manager Vulnerability

CVE-2021-35587 Oracle Access Manager Vulnerability
2022-3-21 16:49:42 Author: reconshell.com(查看原文) 阅读量:246 收藏

Vulnerability

CVE-2021-35587

Description

POC for CVE-2021-35587: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
create by antx at 2022-03-14.

Detail

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent).
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
Successful attacks of this vulnerability can result in takeover of Oracle Access Manager.

CVE Severity

attackComplexity: LOW
attackVector: NETWORK
availabilityImpact: HIGH
confidentialityImpact: HIGH
integrityImpact: HIGH
privilegesRequired: NONE
scope: UNCHANGED
userInteraction: NONE
version: 3.1
baseScore: 9.8
baseSeverity: CRITICAL

Affect

Access Manager
- 11.1.2.3.0
- 12.2.1.3.0
- 12.2.1.4.0

POC

https://github.com/antx-code/CVE-2021-35587/blob/main/CVE-2021-35587.py

Reference

Ref-Source
- Oracle Access Manager pre-authentication Remote Code Execution CVE-2020-35587
- Nuclei POC <CVE-2021-35587>
Ref-Risk
- NVD<CVE-2021-35587>
CVE
- CVE-2021-35587
- NVD<CVE-2021-35587>
Ref-Poc-Engine
- pocx

The CVE-2021-35587 Guide Patterns is a github repository by antx

文章来源: https://reconshell.com/cve-2021-35587-oracle-access-manager-vulnerability/
如有侵权请联系:admin#unsafe.sh