Skip to content

antx-code/CVE-2021-35587

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

.gitignore

.gitignore

 
 

CVE-2021-35587.py

CVE-2021-35587.py

 
 

LICENSE

LICENSE

 
 

README.org

README.org

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

CVE-2021-35587

Description

  • POC for CVE-2021-35587: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
  • create by antx at 2022-03-14.

Detail

  • Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent).
  • Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
  • Successful attacks of this vulnerability can result in takeover of Oracle Access Manager.

CVE Severity

  • attackComplexity: LOW
  • attackVector: NETWORK
  • availabilityImpact: HIGH
  • confidentialityImpact: HIGH
  • integrityImpact: HIGH
  • privilegesRequired: NONE
  • scope: UNCHANGED
  • userInteraction: NONE
  • version: 3.1
  • baseScore: 9.8
  • baseSeverity: CRITICAL

Affect

  • Access Manager
    • 11.1.2.3.0
    • 12.2.1.3.0
    • 12.2.1.4.0

POC

Reference

About

Oracle Access Manager Unauthenticated Attacker Vulnerability CVE-2021-35587

Resources

Readme

License

MIT license
Activity

Stars

40 stars

Watchers

0 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages