CISA KEV 정보
| 취약점명 | Oracle Fusion Middleware Unspecified Vulnerability |
|---|---|
| 설명 | Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-502 | CWE-790 |
| 등록일 (KEV) | 2022-11-28 |
| 조치 기한 | 2022-12-19 |
| 추가 참고 | https://www.oracle.com/security-alerts/cpujan2022.html; https://nvd.nist.gov/vuln/detail/CVE-2021-35587 |
NVD 상세 정보
CVSS v3.1: 9.8 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS v2.0: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P설명: Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CWE: CWE-306
참조
- https://www.oracle.com/security-alerts/cpujan2022.html [Vendor Advisory]
- https://www.oracle.com/security-alerts/cpujan2022.html [Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-35587 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.