CVE-2021-35587 Scanner

Oracle Corporation's Access Manager is a product that helps organizations manage user access to web and enterprise applications. It provides a centralized platform for authentication, authorization, and policy-based control of resources. With Access Manager, organizations can ensure that only authorized users have access to critical resources. It is a crucial component of Oracle Fusion Middleware, supporting versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0.

Recently, the CVE-2021-35587 vulnerability was detected in the OpenSSO Agent component of Oracle Access Manager. This vulnerability allows an unauthenticated attacker with network access through HTTP to compromise the Access Manager. The vulnerability is easily exploitable and can result in a complete takeover of the Access Manager. The CVSS 3.1 Base Score for this vulnerability is 9.8, indicating a severe impact on confidentiality, integrity, and availability.

If exploited, the CVE-2021-35587 vulnerability allows an attacker to take over the Access Manager, granting them access to sensitive data and resources. Such an attack could lead to data breaches, theft of intellectual property, and financial losses due to downtime or theft. Moreover, it could damage the reputation of the organization.

At s4e.io, we provide comprehensive vulnerability assessment services that help organizations identify and mitigate vulnerabilities in their digital assets. With our pro features, you can easily and quickly learn about vulnerabilities in your systems and take action to protect them from cyber threats. Don't leave your organization's security to chance - sign up for s4e.io today!

REFERENCES

• https://www.oracle.com/security-alerts/cpujan2022.html