CURRENT ACTIVITIES
Threat Actors Exploiting RCE Vulnerability in Oracle Fusion Middleware
Indian Computer Emergency Response Team (cert-in.org.in)
It has been reported that threat actors are exploiting a remote code execution vulnerability in Oracle Fusion Middleware.
Software Affected
Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0
Description
Oracle Access Manager is software extensively used by businesses for single sign-on (SSO) as part of the Oracle Fusion Middleware suite.
This vulnerability exists in the OpenSSO Agent component of the Oracle Access Manager product due to improper input validation. Successful exploitation of this vulnerability could allow an unauthenticated attacker with network access via HTTP to take control of Oracle Access Manager.
Note: This vulnerability is being exploited in the wild. Users are advised to apply patches urgently.
Solution
Apply appropriate updates as mentioned by the vendor.
Vendor Information
Oracle
Reference
Oracle
CERT-In
CVE Name
CVE-2021-35587