CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

Posted: Nov. 29, 2022 by Interware Team

On Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of ongoing exploitation, added a significant vulnerability affecting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog.

Tracked as CVE-2021-35587 and carrying a CVSS score of 9.8, the vulnerability affects Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0.

An unauthenticated attacker with network access over HTTP who successfully exploits the remote code execution bug can fully compromise and take control of affected Access Manager instances.

Nguyen Jang, a Vietnamese security researcher, and peterjson identified the flaw in March 2022. They observed that it "may provide the attacker access to OAM server, to create any user with any rights, or just get code execution in the victim's server."

The issue was addressed by Oracle as part of its Critical Patch Update in January 2022.

Additional details regarding the nature of the attacks and the scale of the exploitation efforts are not immediately clear. Data gathered by threat intelligence firm GreyNoise shows that attempts to weaponize the flaw have been ongoing and originate from the U.S., China, Germany, Singapore, and Canada.

Also added by CISA to the KEV catalog is the recently patched heap buffer overflow flaw in the Google Chrome web browser (CVE-2022-4135) that the internet giant acknowledged as having been abused in the wild.

Federal agencies are required to apply the vendor patches by December 19, 2022, to secure their networks against potential threats.
