CVE-2021-35587
PUBLISHED
KEV
CVSS 9.8 CRITICAL
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
EPSS 94.27% · 99.9th percentile
Risk Scores
CVSS v3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
94.27%
99.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle Corporation | Access Manager | 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0 |
| oracle | access_manager | 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0 |
Timeline
- CVE Published
- Jan 20, 2022 EPSS Score
- Mar 10, 2022 PoC Published
- Mar 14, 2022 EPSS Score
- Jun 28, 2022 EPSS Score
- Aug 21, 2022 EPSS Score
- Oct 13, 2022 EPSS Score
- Nov 28, 2022 CISA KEV Added
- Jan 27, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 21, 2023 EPSS Score
- May 18, 2023 EPSS Score