CISA warns about critical vulnerability in Oracle Fusion Middleware

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday updated its Known Exploited Vulnerabilities catalog, adding a critical vulnerability that affects Oracle Fusion Middleware (OFA) versions 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. The flaw is tracked as CVE-2021-35587 and has a score of 9.8 out of 10 on the CVSS scale.

Successful exploitation of this vulnerability allows an unauthenticated attacker with network access to fully compromise and take control of Access Manager instances.

It is worth noting that CVE-2021-35587 has been publicly known since March of this year, when researchers Nguyen Jang (Janggggg) and peterjson reported on the vulnerability. In addition, the vulnerability will not be patched in OFA 11.1.2.3.0, since that version is no longer supported. The fix for CVE-2021-35587 is available only for supported versions (12.2.1.3.0 and 12.2.1.4.0) and was released in January of this year.

Additional details about the nature of the attacks and the scale of exploitation are still unknown. Data collected by GreyNoise show that attackers from the USA, China, Germany, Singapore and Canada are still trying to exploit this flaw.
