Emergency Vulnerability Bulletin - 11/29/22

11/29/22 10:36 AM  |  by RedLegg Blog

Oracle Fusion Middleware Unspecified Vulnerability

Identifier: CVE-2022-35587

Exploit or POC: Yes (Actively Being Exploited)


Description: CVE-2022-35587 allows Oracle Access Manager to be easily compromised. Authentication and user interaction are not required for successful exploitation. An attacker with network access via HTTP can employ a series of attacks to achieve an account takeover of Oracle Access Manager.

Mitigation recommendation: Patching is currently the only method of mitigation.

RedLegg Action: None at this time.


